[Snort-users] TCP reserved flags: which is it?
cpw at ...440...
Sun Jul 21 11:15:04 EDT 2002
On Sat, Jul 20, 2002 at 10:10:00PM -0700, John Sage wrote:
> On Wed, Jul 17, 2002 at 11:38:31PM -0700, John Sage wrote:
> > Received some tcp:25 packets with the reserved flag bits set.
> What about my question?
Take a look at rfc2481 and rfc2914.txt. Those bits are being used
for explicit congestion control. Of course it only works if both ends
and intervening routers are participating. Here is a snippit from rfc 2481:
The following sections describe in detail the proposed use of ECN in
TCP. This proposal is described in essentially the same form in
[Floyd94]. We assume that the source TCP uses the standard congestion
control algorithms of Slow-start, Fast Retransmit and Fast Recovery
This proposal specifies two new flags in the Reserved field of the
TCP header. The TCP mechanism for negotiating ECN-Capability uses
the ECN-Echo flag in the TCP header. (This was called the ECN Notify
flag in some earlier documents.) Bit 9 in the Reserved field of the
TCP header is designated as the ECN-Echo flag. The location of the
6-bit Reserved field in the TCP header is shown in Figure 3 of RFC
> What about *my* question :-/
> - John
> "Obviously, we do not want to leave zombies around."
> PGP key http://www.finchhaven.com/pages/gpg_pubkey.html
> Fingerprint FE 97 0C 57 08 43 F3 EB 49 A1 0C D0 8E 0C D0 BE C8 38 CC B5
> This sf.net email is sponsored by:ThinkGeek
> Welcome to geek heaven.
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> Snort-users list archive:
Phil Wood, cpw at ...440...
More information about the Snort-users