[Snort-users] A question about flow:established keyword

Risto Vaarandi risto.vaarandi at ...5731...
Fri May 9 07:39:03 EDT 2003

Risto Vaarandi wrote:
> I run into the same problem recently and at least for me it looks like 
> that flags:A+ and established are not identical. For example, the 
> difference comes out when the snort is able to observe only the incoming 
> traffic, but not the outcoming. In that case flags:A+ will produce 
that should read "outgoing", sorry for the typo :)

More information about the Snort-users mailing list