[Snort-users] tcp flags

Chris Green cmg at ...671...
Thu Feb 28 12:27:01 EST 2002


"Basil Saragoza" <snortlst at ...125...> writes:

> I looked at the rules and noticed that quite often the tcp flag is set to flags:A+
> I used to think that tcp flags were:
> SYN (s), ACK (ack), FIN (f), RESET (r), PUSH (p), URGENT (urg), and
> Placeholder (.).
>
> What is A+ as tcp flag? Are there any others I'm not aware of?
> thx.

http://www.snort.org/docs/writing_rules/chap2.html#tth_sEc2.3.13

A is ack; + means ACK plus anything else.
-- 
Chris Green <cmg at ...671...>
Eschew obfuscation.
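
An added example, not part of the original post and not Snort's own code: a small Python model of how a `flags:` value is matched against a packet's TCP flags byte. It goes beyond the `+` case answered above to cover the exact-match default and the `*` and `!` modifiers; the function names and sample flag bytes are constructed for illustration.

```python
# Added illustration (not Snort source): a model of the `flags:` rule option.
# Bit positions are those of the TCP header flags byte.
FLAG_BITS = {"F": 0x01, "S": 0x02, "R": 0x04, "P": 0x08,
             "A": 0x10, "U": 0x20, "2": 0x40, "1": 0x80}
MODIFIERS = {"+", "*", "!"}


def parse_flags(spec):
    """Turn a spec such as 'A+' into (bitmask, modifier or None)."""
    mask, modifier = 0, None
    for ch in spec.strip().upper():
        if ch in FLAG_BITS:
            mask |= FLAG_BITS[ch]
        elif ch in MODIFIERS:
            if modifier is not None:
                raise ValueError("more than one modifier in %r" % spec)
            modifier = ch
        elif ch != "0":            # '0' means "no flags set" and adds no bits
            raise ValueError("unknown flag character %r" % ch)
    return mask, modifier


def flags_match(spec, tcp_flags):
    """Return True if the packet's flags byte satisfies the spec."""
    mask, modifier = parse_flags(spec)
    if modifier == "+":            # all listed bits set, any others allowed
        return (tcp_flags & mask) == mask
    if modifier == "*":            # at least one listed bit set
        return (tcp_flags & mask) != 0
    if modifier == "!":            # none of the listed bits set
        return (tcp_flags & mask) == 0
    return tcp_flags == mask       # no modifier: exact match


# Constructed sample flag bytes (not captured traffic).
SAMPLES = {"SYN": 0x02, "SYN-ACK": 0x12, "ACK": 0x10,
           "PSH-ACK": 0x18, "FIN-ACK": 0x11, "RST": 0x04, "NULL": 0x00}


def matching(spec):
    """Names of the sample packets the spec matches, in insertion order."""
    return [name for name, bits in SAMPLES.items() if flags_match(spec, bits)]


if __name__ == "__main__":
    for spec in ("A", "A+", "SF*", "A!", "0"):
        print("flags:%-4s -> %s" % (spec, ", ".join(matching(spec))))
```

With `flags:A` only the bare ACK sample matches, while `flags:A+` also matches SYN-ACK, PSH-ACK and FIN-ACK, which is why `A+` is so common in rules for established-session traffic.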



