[Bro] conn.log history has letter 'Q'?
김희철
hckim at narusec.com
Wed Aug 19 23:16:17 PDT 2015
Hi Seth
Thank you for fast replay
On Thu, Aug 20, 2015 at 10:30 AM, Seth Hall <seth at icir.org> wrote:
>
> > On Aug 19, 2015, at 8:21 PM, 김희철 <hckim at narusec.com> wrote:
> >
> > In side a Conn.log history I have letter 'Q' in it.
> > I can not find any info about 'Q'
> > am I missing something?
> >
> > 1439941988.068044 C3FNvf40Sa0n7jtNTf 10.122.100.26 63394
> 10.122.110.8 22 tcp - 1.796387 0 0
> SH T Qah 1 60 4 224 (empty) (empty)
> (empty)
>
> ‘Q’ indicates a multi flag packet. It should be either a syn/fin or
> syn/rst packet.
>
> .Seth
>
> --
> Seth Hall
> International Computer Science Institute
> (Bro) because everyone has a network
> http://www.bro.org/
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20150820/746cb8e2/attachment.html
More information about the Bro
mailing list