[Snort-users] SNORT keywork to check TCP window size
cpw at ...440...
Wed Sep 12 09:23:05 EDT 2001
On Wed, Sep 12, 2001 at 04:19:22PM +0100, Alberto Grazi wrote:
> I've actually found something in the changelog which says it is possible
> to check it but there is no mention at all in the documentation... Can
> anyone help ?
alert tcp any any -> any any (msg: "window is zero"; window: 0;)
> /* $Id: ChangeLog,v 1.13 2001/08/15 05:54:35 roesch Exp $ */
> 2001-04-19 bmc <bmc at ...312...>
> * added sp_tcp_win_check. TCP Window Size can be looked now
> -----Original Message-----
> From: snort-users-admin at lists.sourceforge.net
> [mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Alberto
> Sent: 13 September 2001 00:42
> To: snort-users at lists.sourceforge.net
> Subject: [Snort-users] SNORT keywork to check TCP window size
> does anyone know how to check the window size of a TCP packet in a SNORT
> I've been looking in the documentation and on the Net but I haven't
> found it yet... there has to be a way, it's written in the changelog!
> Any help is appreciated.
> Alberto Grazi
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> Snort-users list archive:
Phil Wood, cpw at ...440...
More information about the Snort-users