Feature #4282: Ensure that the flags used for the initial TCP packets are saved - Suricata - Open Information Security Foundation

Actions

Copy link

Feature #4282

open

Ensure that the flags used for the initial TCP packets are saved

Added by Jeff Weeks almost 4 years ago.

Status:

New

Priority:

Normal

Assignee:

Jeff Weeks

Target version:

Effort:

Difficulty:

Label:

Description

Suricata saves the TCP flags which it sees inside `struct TcpStream_::tcp_flags` but this contains a union of all flags seen.
It can be beneficial to know the flags used solely in the first packet seen (in each direction).

No data to display

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Feature #4282

Ensure that the flags used for the initial TCP packets are saved