Home page logo

snort logo Snort mailing list archives

Re: TCP session without 3-way handshake - Snort
From: Greg Williams <gwillia5 () uccs edu>
Date: Thu, 16 May 2013 03:09:25 +0000

What part of the TCP session is not making it?  Is there any packet capture?  Sounds like a SYN attack, but not really 
an attack if it’s just a few of them.  Look at the ACKs and sequence numbers if you have those.  They should provide a 
clue as to what is happening with the handshake.  I’ll plan on updating my code in a few days and see if I get any hits 
on this too.  I typically have 5000 hosts online at any given time so I should be able to see the same thing and run a 
packet capture.

From: Nathan Page [mailto:nwpage () nathanpage com]
Sent: Tuesday, May 14, 2013 7:37 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] TCP session without 3-way handshake - Snort

Can someone tell me were I can find more out about the ‘TCP session without 3-way handshake’ error. I am getting a lot 
of these.


AlienVault Unified Security Management (USM) platform delivers complete
security visibility with the essential security capabilities. Easily and
efficiently configure, manage, and operate all of your security controls
from a single console and one unified framework. Download a free trial.
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:

Please visit http://blog.snort.org to stay current on all the latest Snort news!

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]