12-16-2004 09:15 PM - edited 03-10-2019 01:11 AM
Hi,
I have configured an Atomic.TCP signature to log any TCP session when it establishes or resets. Attached is the signature. Please advice what`s wrong with that signature. It is not sensing TCP session despite I have configured the specified ports.
Regards
12-17-2004 07:45 AM
I believe the "Mask" and "TcpFlags" parameters might be causing your trouble. This signature will only fire when both the PSH and ACK flags are set. You want it set to either SYN for the client's connection, or SYN ACK for the server to detect the connection establishment. You will need another signature where you are looking for the RST flag, to detect the reset case.
12-17-2004 10:29 PM
Did as per your instruction but same result.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide