[Snort-users] ack packets and data sequence

Jeffrey Starin jeffs at ...1936...
Tue Oct 26 10:35:08 EDT 2004


A nice person responded to my previous query about how to track packets after an alert has been triggered using the dynamic rules. Okay, that is fine, but it is also bringing in packets that just contain header information and not the raw data. I did notice that the data I am looking for always has the ack bit set equal to the previous ack bit, whereas the data I am not interested in always has a different ack bit sequence from the previous. So... I guess my next question would be if there is a way to track only certain ack bits and how would one actually get that bit into a variable or whatever, to track?
Thanks...
bulgin





