[Snort-users] TCP reserved flags: which is it?

Phil Wood cpw at ...440...
Sun Jul 21 11:15:04 EDT 2002

On Sat, Jul 20, 2002 at 10:10:00PM -0700, John Sage wrote:
> On Wed, Jul 17, 2002 at 11:38:31PM -0700, John Sage wrote:
> > Received some tcp:25 packets with the reserved flag bits set.
> <snip>
> What about my question?
> Guys?
Take a look at rfc2481 and rfc2914.txt.  Those bits are being used
for explicit congestion control.  Of course it only works if both ends
and intervening routers are participating.  Here is a snippit from rfc 2481:

6.1. TCP

   The following sections describe in detail the proposed use of ECN in
   TCP.  This proposal is described in essentially the same form in
   [Floyd94]. We assume that the source TCP uses the standard congestion
   control algorithms of Slow-start, Fast Retransmit and Fast Recovery
   [RFC 2001].

   This proposal specifies two new flags in the Reserved field of the
   TCP header.  The TCP mechanism for negotiating ECN-Capability uses
   the ECN-Echo flag in the TCP header.  (This was called the ECN Notify
   flag in some earlier documents.)  Bit 9 in the Reserved field of the
   TCP header is designated as the ECN-Echo flag.  The location of the
   6-bit Reserved field in the TCP header is shown in Figure 3 of RFC
   793 [RFC793].

> What about *my* question :-/
> - John
> -- 
> "Obviously, we do not want to leave zombies around."
> PGP key      http://www.finchhaven.com/pages/gpg_pubkey.html
> Fingerprint  FE 97 0C 57 08 43 F3 EB 49 A1 0C D0 8E 0C D0 BE C8 38 CC B5 
> -------------------------------------------------------
> This sf.net email is sponsored by:ThinkGeek
> Welcome to geek heaven.
> http://thinkgeek.com/sf
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users

Phil Wood, cpw at ...440...

More information about the Snort-users mailing list