[Snort-users] SnortDB-Extra Issues
josh.berry at ...10221...
Sat May 15 11:21:05 EDT 2004
I recently loaded the snortdb-extra stuff to my database because I am
working on my own analysis front-end and it seemed like some of the data
For instance, when the spp_stream4 preprocessor generates a SYN/FIN alert,
it inserts the tcp_flags value into tcphdr as 3 as it should be. But then
looking up the value of 3 in the flags table shows 3 as being NULL packet
with both of the reserved bits set.
Am I just using this wrong, or are the values wrong?
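
The decoding the message relies on, as an added example that is not part of the original post or of snortdb-extra: it decodes a tcp_flags byte using the TCP header bit layout and Snort's "12UAPRSF" display order. The helper names are hypothetical, and the bit-reversal check rests on an assumption, not confirmed by the page, that a lookup row could have been built with the bit order mirrored.

```python
# Added example: decode the tcp_flags byte stored in tcphdr (bit layout per RFC 793).
# RES1/RES2 are the two high bits, shown as "1" and "2" in Snort's flag display.
FLAG_BITS = [(0x80, "1", "RES1"), (0x40, "2", "RES2"), (0x20, "U", "URG"),
             (0x10, "A", "ACK"), (0x08, "P", "PSH"), (0x04, "R", "RST"),
             (0x02, "S", "SYN"), (0x01, "F", "FIN")]

def _check(value):
    """Reject anything that cannot be a single tcp_flags byte."""
    if not isinstance(value, int) or not 0 <= value <= 0xFF:
        raise ValueError("tcp_flags must be an integer in 0..255")
    return value

def flag_names(value):
    """Return the names of the bits set in a tcp_flags byte, high bit first."""
    _check(value)
    return [name for mask, _, name in FLAG_BITS if value & mask]

def flag_string(value):
    """Render the byte the way Snort prints TCP flags, e.g. '******SF'."""
    _check(value)
    return "".join(ch if value & mask else "*" for mask, ch, _ in FLAG_BITS)

def describe(value):
    """Short label for the combinations discussed in the message."""
    names = flag_names(value)
    if "SYN" in names and "FIN" in names:
        return "SYN/FIN"
    if all(n in ("RES1", "RES2") for n in names):
        # No flag among the low six bits is set: a NULL packet.
        return "NULL" + (" with reserved bits " + "+".join(names) if names else "")
    return "/".join(names)

def reverse_bits(value):
    """Mirror the 8 bits; used to test a lookup row for reversed bit order
    (assumption: the page does not say how the flags table was built)."""
    _check(value)
    return int(format(value, "08b")[::-1], 2)

if __name__ == "__main__":
    for v in (3, reverse_bits(3)):  # constructed sample values
        print(v, flag_string(v), describe(v))
```

Value 3 decodes to SYN and FIN, while its mirror image, 192, decodes to no flags plus both reserved bits.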