[Bro] TCP options of a SYN packet
thomastan81 at gmail.com
Wed Dec 2 07:41:54 PST 2015
I have checked out the TCPRS-plugin (
Unfortunately, it does not do the job. It cannot get TCP options and the
order of the options down from a SYN packet. The TCP options of a SYN
packet I am concerned with are described below.
# NOP option
# EOL option
# window scaling option, value nnn (or * or %nnn)
# maximum segment size option, value nnn (or * or %nnn)
# selective ACK OK
# timestamp with zero value
# unrecognized option number n.
Your kind help will be very much appreciated.
On 26 November 2015 at 12:29, Thomas Tan <thomastan81 at gmail.com> wrote:
> Dear Jan,
> Many thanks for your reply. I am using the tcp_option event. However, it seems
> to me that the event can't tell which TCP options are from the SYN packet
> of a connection and which ones are from other packets of the connection. I
> think I will look into the TCPRS-plugin.
> Best regards,
> On 26 November 2015 at 12:16, Jan Grashofer <jan.grashofer at cern.ch> wrote:
>> Hi Thomas,
>> there is the tcp_option event, that might help you (see
>> If that does not fit for you, you might have a look into the TCPRS-plugin (
>> I have never used it but I think it also parses some TCP options and thus
>> might be a good starting point.
>> Best regards,
>> *From:* bro-bounces at bro.org [bro-bounces at bro.org] on behalf of Thomas
>> Tan [thomastan81 at gmail.com]
>> *Sent:* Thursday, November 26, 2015 10:18
>> *To:* bro at bro.org
>> *Subject:* [Bro] TCP options of a SYN packet
>> Dear All,
>> Just wondering if anyone knows a way (an event) to obtain TCP options of
>> a SYN packet?
>> Your help will be very much appreciated.
>> Thank you.
>> Best regards,
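As an added illustration of what the thread is asking for (not code from any poster, from Bro, or from the TCPRS plugin), the sketch below walks the option bytes of a raw TCP header and returns the options of an initial SYN in wire order, covering each option kind listed above. It works on raw header bytes rather than on a Bro event; the function names, the label strings and the sample segment are constructed for this example.

```python
import struct

def syn_options(tcp: bytes):
    """Return the TCP options of an initial SYN, in wire order, or None
    if the segment is not an initial SYN (SYN set, ACK clear)."""
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    if tcp[13] & 0x12 != 0x02:           # flags byte: SYN=0x02, ACK=0x10
        return None
    hdr_len = (tcp[12] >> 4) * 4         # data offset is in 32-bit words
    if hdr_len < 20 or hdr_len > len(tcp):
        raise ValueError("bad data offset")
    opts, i = [], 20
    while i < hdr_len:
        kind = tcp[i]
        if kind == 0:                    # EOL: nothing after it is an option
            opts.append("EOL")
            break
        if kind == 1:                    # NOP: single byte, no length field
            opts.append("NOP")
            i += 1
            continue
        if i + 1 >= hdr_len or tcp[i + 1] < 2 or i + tcp[i + 1] > hdr_len:
            raise ValueError("malformed option at offset %d" % i)
        length = tcp[i + 1]
        body = tcp[i + 2:i + length]
        if kind == 2 and length == 4:    # maximum segment size
            opts.append("MSS=%d" % struct.unpack("!H", body)[0])
        elif kind == 3 and length == 3:  # window scaling
            opts.append("WS=%d" % body[0])
        elif kind == 4 and length == 2:  # selective ACK OK
            opts.append("SACK_OK")
        elif kind == 8 and length == 10: # timestamp: TSval, then TSecr
            tsval = struct.unpack("!I", body[:4])[0]
            opts.append("TS0" if tsval == 0 else "TS")
        else:
            opts.append("?%d" % kind)    # unrecognized option number
        i += length
    return opts

def build_segment(options: bytes, flags: int = 0x02) -> bytes:
    """Constructed test segment: fixed 20-byte header plus option bytes."""
    words = 5 + len(options) // 4
    return struct.pack("!HHIIBBHHH", 49152, 80, 1000, 0,
                       words << 4, flags, 29200, 0, 0) + options

# Constructed sample: MSS 1460, SACK OK, timestamp 0, NOP, WS 7, kind 254, EOL
SAMPLE = bytes.fromhex("020405b4" "0402" "080a" "00000000" "00000000"
                       "01" "030307" "fe03aa" "00")
```

Filtering on the flags byte before parsing is what separates the SYN's options from those carried by later segments of the same connection.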