[Snort-users] TCP reserved flags: which is it?

John Sage jsage at ...2022...
Mon Jul 22 00:01:08 EDT 2002


On Sun, Jul 21, 2002 at 03:55:30PM +1000, Chris Keladis wrote:
> Hi John,
> 
> The flags represent the same.
> 
> It just seems like ACID prints them out in a different order.
> 
> You still have reserved flags 1 and 2 set, regardless if you read them 
> as 2 and 1.

OK:

So "1" represents "..The CWR flag is assigned to Bit 8 in the
Reserved field of the TCP header.."

And "2" represents "..Bit 9 in the Reserved field of the
   TCP header [and] is designated as the ECN-Echo flag.."

(ftp://ftp.isi.edu/in-notes/rfc2481.txt - which was obsoleted by
ftp://ftp.isi.edu/in-notes/rfc3168.txt)


or,

  0   1   2   3   4   5   6   7   8   9  10  11  12  13  14  15
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
|               |               | C | E | U | A | P | R | S | F |
| Header Length |    Reserved   | W | C | R | C | S | S | Y | I |
|               |               | R | E | G | K | H | T | N | N |
+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+

(ftp://ftp.isi.edu/in-notes/rfc3168.txt)


OK?

Cool.


- John
-- 
"Obviously, we do not want to leave zombies around."

PGP key      http://www.finchhaven.com/pages/gpg_pubkey.html
Fingerprint  FE 97 0C 57 08 43 F3 EB 49 A1 0C D0 8E 0C D0 BE C8 38 CC B5 
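
The bit layout quoted from RFC 3168 in the message above, decoded in Python as an added example (not part of the original message and not Snort's own code): it maps the "1" and "2" labels to CWR and ECE and renders the flag byte in 12UAPRSF order. The sample headers are constructed, and the function names and the ECN-setup check (RFC 3168, section 6.1.1) are assumptions of this example.

```python
import struct

# (mask in the flag byte, Snort letter, RFC 3168 name), in diagram order 8..15.
FLAG_BITS = [
    (0x80, "1", "CWR"), (0x40, "2", "ECE"), (0x20, "U", "URG"),
    (0x10, "A", "ACK"), (0x08, "P", "PSH"), (0x04, "R", "RST"),
    (0x02, "S", "SYN"), (0x01, "F", "FIN"),
]

def decode_offset_flags(tcp_header: bytes) -> dict:
    """Decode the 16-bit word at offset 12 of a TCP header (hypothetical helper)."""
    if len(tcp_header) < 14:
        raise ValueError("need at least 14 bytes of TCP header")
    (word,) = struct.unpack_from("!H", tcp_header, 12)
    flags = word & 0xFF                        # diagram bits 8..15
    return {
        "header_len_bytes": (word >> 12) * 4,  # bits 0..3, in 32-bit words
        "reserved": (word >> 8) & 0x0F,        # bits 4..7, still reserved
        "set": [name for mask, _, name in FLAG_BITS if flags & mask],
        "snort": "".join(c if flags & mask else "*" for mask, c, _ in FLAG_BITS),
    }

def is_ecn_setup_syn(tcp_header: bytes) -> bool:
    """True for a SYN carrying exactly CWR+ECE (RFC 3168 section 6.1.1)."""
    return decode_offset_flags(tcp_header)["set"] == ["CWR", "ECE", "SYN"]

def build_header(offset_flags: int) -> bytes:
    """Constructed 20-byte TCP header; only the offset/flags word varies."""
    return struct.pack("!HHIIHHHH", 40000, 80, 1, 0, offset_flags, 65535, 0, 0)

SAMPLE_ECN_SYN = build_header(0x50C2)    # constructed: SYN + CWR + ECE
SAMPLE_PLAIN_SYN = build_header(0x5002)  # constructed: SYN only

if __name__ == "__main__":
    for label, hdr in (("ecn syn", SAMPLE_ECN_SYN), ("plain syn", SAMPLE_PLAIN_SYN)):
        print(label, decode_offset_flags(hdr), is_ecn_setup_syn(hdr))
```

A SYN with both bits set is how RFC 3168 negotiates ECN, so an alert on "reserved bits 1 and 2" against such a packet is worth triaging as ECN negotiation before treating it as a crafted probe.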



