[Snort-users] SnortDB-Extra Issues

Josh Berry josh.berry at ...10221...
Sat May 15 11:21:05 EDT 2004


I recently loaded the snortdb-extra stuff to my database because I am
working on my own analysis front-end and it seemed like some of the data
was wrong.

For instance, when the spp_stream4 preprocessor generates a SYN/FIN alert,
it inserts the tcp_flags value into tcphdr as 3 as it should be.  But then
looking up the value of 3 in the flags table shows 3 as being NULL packet
with both of the reserved bits set.

Am I just using this wrong or are the values wrong?


Thanks
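
An added example, not part of the original post and not code from Snort or snortdb-extra: it decodes a stored tcp_flags byte using the standard TCP header bit positions and audits a lookup table against that decoding. The row layout, the names RES1/RES2 and the sample rows are assumptions constructed for illustration.

```python
# TCP flag bits of the 8-bit flags byte, most significant bit first.
# The two high bits were reserved in RFC 793 (RFC 3168 later assigned them
# to CWR and ECE); "RES1"/"RES2" are hypothetical labels used here.
TCP_FLAG_BITS = [
    (0x80, "RES1", "1"),
    (0x40, "RES2", "2"),
    (0x20, "URG", "U"),
    (0x10, "ACK", "A"),
    (0x08, "PSH", "P"),
    (0x04, "RST", "R"),
    (0x02, "SYN", "S"),
    (0x01, "FIN", "F"),
]

def decode_tcp_flags(value):
    """Return the names of the flags set in a tcp_flags byte."""
    if not 0 <= value <= 0xFF:
        raise ValueError("tcp_flags must fit in one byte: %r" % (value,))
    return [name for bit, name, _ in TCP_FLAG_BITS if value & bit]

def flag_string(value):
    """Render the byte in the 12UAPRSF style, '*' for an unset bit."""
    decode_tcp_flags(value)  # reuse the range check
    return "".join(ch if value & bit else "*" for bit, _, ch in TCP_FLAG_BITS)

def audit_lookup(rows):
    """Compare (value, flag-name set) rows against the bit decoding.

    Returns a list of (value, table_names, expected_names) for each row
    whose description does not match the bits actually set in the value.
    """
    mismatches = []
    for value, names in rows:
        expected = set(decode_tcp_flags(value))
        if set(names) != expected:
            mismatches.append((value, sorted(names), sorted(expected)))
    return mismatches

# Constructed sample rows; the entry for 3 mirrors what the post describes.
SAMPLE_ROWS = [
    (0, set()),
    (2, {"SYN"}),
    (3, {"RES1", "RES2"}),
    (18, {"SYN", "ACK"}),
]

if __name__ == "__main__":
    print(3, flag_string(3), decode_tcp_flags(3))
    for row in audit_lookup(SAMPLE_ROWS):
        print("mismatch: value=%d table=%s expected=%s" % row)
```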



