Home page logo
/

snort logo Snort mailing list archives

Flags in snort rules
From: Bill McCarty <bmccarty () apu edu>
Date: Sun, 17 Mar 2002 15:30:07 -0800

I'm trying to code a Snort rule that will match packets having the SYN flag set but the ACK flag not set. It seemed to me that "flags:S;" would do this. But, looking at packet traces seems to indicate that such a rule matches packets with the SYN flag set, irrespective of the state of the ACK flag.

Have I coded the rule incorrectly, read the packet traces incorrectly, or both?

Thanks

---------------------------------------------------
Bill McCarty

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault