[Bro] conn.log history has letter 'Q'?
Seth Hall
seth at icir.org
Wed Aug 19 18:30:37 PDT 2015
> On Aug 19, 2015, at 8:21 PM, 김희철 <hckim at narusec.com> wrote:
>
> Inside a Conn.log history I have letter 'Q' in it.
> I cannot find any info about 'Q'.
> Am I missing something?
>
> 1439941988.068044 C3FNvf40Sa0n7jtNTf 10.122.100.26 63394 10.122.110.8 22 tcp - 1.796387 0 0 SH T Qah 1 60 4 224 (empty) (empty) (empty)

‘Q’ indicates a multi-flag packet. It should be either a syn/fin or syn/rst packet.

.Seth
--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro.org/
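
An added example, not part of the original message or of Bro itself: a small Python pass over a conn.log that reports which side sent a 'Q' (multi-flag) packet, using the convention that uppercase history letters come from the originator and lowercase from the responder. The sample log and its reduced field set are constructed; letter meanings other than 'Q' come from Bro's conn.log documentation rather than from this thread.

```python
# Added example: find conn.log records whose history contains Q/q.
# Letter meanings follow Bro's conn.log documentation; uppercase = sent by
# the originator, lowercase = sent by the responder.
HISTORY_LETTERS = {
    "s": "SYN without ACK", "h": "SYN+ACK", "a": "pure ACK",
    "d": "packet with payload", "f": "FIN", "r": "RST",
    "c": "bad checksum", "i": "inconsistent packet",
    "q": "multi-flag packet (SYN+FIN or SYN+RST)",
}

# Constructed sample: reduced field set, tab-separated like a real conn.log.
# The first record reuses values from the log line in the question.
SAMPLE_LOG = "\n".join([
    "#fields\tts\tuid\tid.orig_h\tid.resp_h\tid.resp_p\tproto\tconn_state\thistory",
    "1439941988.068044\tC3FNvf40Sa0n7jtNTf\t10.122.100.26\t10.122.110.8\t22\ttcp\tSH\tQah",
    "1439941990.000000\tCconstructed0001\t192.0.2.10\t192.0.2.20\t443\ttcp\tSF\tShADadFf",
    "1439941991.000000\tCconstructed0002\t192.0.2.11\t192.0.2.20\t80\ttcp\tOTH\tSq",
    "1439941992.000000\tCconstructed0003\t192.0.2.12\t192.0.2.20\t53\tudp\tS0\t-",
])

def decode_history(history):
    """Return one (sender, meaning) pair per history letter, in order."""
    out = []
    for ch in history:
        if not ch.isalpha():  # "-" marks an unset field
            continue
        side = "originator" if ch.isupper() else "responder"
        out.append((side, HISTORY_LETTERS.get(ch.lower(), "unknown letter")))
    return out

def find_multiflag(log_text):
    """Return records with Q/q in history; columns are located via #fields."""
    fields, hits = None, []
    for line in log_text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line and not line.startswith("#"):
            if fields is None:
                raise ValueError("no #fields header before the first record")
            rec = dict(zip(fields, line.split("\t")))
            senders = sorted({side for side, what in decode_history(rec.get("history", ""))
                              if what.startswith("multi-flag")})
            if senders:
                hits.append({"uid": rec["uid"], "orig": rec["id.orig_h"],
                             "resp": rec["id.resp_h"], "sent_by": senders})
    return hits

if __name__ == "__main__":
    for hit in find_multiflag(SAMPLE_LOG):
        print(hit)
```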