Hello all, I have tried to write a filter to match TCP-Flags. I have tried to filter out TCP-SYN packets:

filter-primitive ip-tcp-flags
  type ip-tcp-flags
  permit 2
  default deny

And

filter-primitive ip-tcp-flags
  type ip-tcp-flags
  mask 0x02
  permit 0xFF
  default deny

And

filter-primitive ip-tcp-flags
  type ip-tcp-flags
  mask 0xFF
  permit 0x02
  default deny

But there isn't a match in my report (and there should be tons).

The only thing that generated an output was:

## no flag set
filter-primitive ip-tcp-flags
  type ip-tcp-flags
  mask 0xFF
  permit 0x00
  default deny

And

## any flag combination
filter-primitive ip-tcp-flags
  type ip-tcp-flags
  mask 0x00
  permit 0x00
  default deny

I am using flow-tools 0.68 and an Enterasys SSR 8000 with 10.0.0.4. Do I need a newer version of SSR or flow-tools?

Thks,
eric

_______________________________________________
Flow-tools mailing list
[EMAIL PROTECTED]
http://mailman.splintered.net/mailman/listinfo/flow-tools
