[Snort-users] Flags in snort rules

Bill McCarty bmccarty at ...5196...
Sun Mar 17 15:31:05 EST 2002


I'm trying to code a Snort rule that will match packets having the SYN flag 
set but the ACK flag not set. It seemed to me that "flags:S;" would do 
this. But, looking at packet traces seems to indicate that such a rule 
matches packets with the SYN flag set, irrespective of the state of the ACK 
flag.

Have I coded the rule incorrectly, read the packet traces incorrectly, or 
both?

Thanks

---------------------------------------------------
Bill McCarty



