[Snort-users] TCP Flags & MySQL

Paul.Melson at ...4385... Paul.Melson at ...4385...
Wed May 10 14:43:01 EDT 2006


I have a Snort sensor logging to a MySQL database which is front-ended
by a commercial application that allows for packet payload retrieval.

This weekend, the system recorded a large number of "TCP port 0" alerts,
and as expected it didn't record a payload.  However, it did record
tcp_flags and tcp_win.  However, I am having difficulty interpreting the
raw values in the tcphdr table into usable data.  Can someone point me
to a doc that explains these values, or if I tell you that the tcp_flags
values I see most often are 2 and 18, can you tell me which flags are
set?

Thanks,
PaulM

** ** **  PRIVILEGED AND CONFIDENTIAL  ** ** **
This email transmission contains privileged and confidential information intended only for the use of the individual or entity named above.  Any unauthorized review, use, disclosure or distribution is prohibited and may be a violation of law.  If you are not the intended recipient or a person responsible for delivering this message to an intended recipient, please delete the email and immediately notify the sender via the email return address or mailto:postmaster at ...13599...  Thank you.

- end -





More information about the Snort-users mailing list