[Snort-users] Window Size

Andy Wood andy.wood at ...9040...
Thu Jun 19 13:38:06 EDT 2003

	Can rules be written to detect a certain WINDOW size (See below
kernel msg(not sure if WINDOW=dsize))

Jun 17 06:59:57 darkgate kernel: TCP DROP: IN=br0 OUT=br0 PHYSIN=eth0
PHYSOUT=eth1 SRC= DST= LEN=52 TOS=0x00 PREC=0x00
TTL=99 ID=57300 PROTO=TCP SPT=56102 DPT=55533 WINDOW=55808 RES=0x00 SYN


More information about the Snort-users mailing list