[Dshield] tcp options

Bjørn Ruberg bjorn at ruberg.no
Tue Jan 24 21:25:29 GMT 2006


chupu wrote:
> 
> I got some funky TCP options today that Snort flagged.  I am not familiar with these options and am hoping someone has seen them.  I am good with the MSS,nop,nop,SACK.  But then I get confused...
> 
> 4c0a 0101 0a1e 0415 0005
> 

You'll get a lot of useful information by analyzing your packet dump in 
Ethereal (http://www.ethereal.com/).

-- 
Bjørn

"Despite the fact that most people have become more anxious and more
  ignorant about information and their culture in the last decade,
  one of the most exciting evolutions from punk culture and modern
  technology has been the philosophy that access to a computer
  and/or a copier can provide a way to share informational and
  recreational knowledge."


More information about the list mailing list