Good Analysis = Understanding(tools + logs + normal), (Fri, Sep 29th)

A reader emailed us a couple of weeks ago asking how to interpret the flags field when looking at data in a report. He didn’t understand what the “flags” referred to or what the individual flags meant. “They don’t appear related to TCP header flags like I’ve normally seen…S is the most common but I occasionally see RSA, RUS and a few others.”

Article Link: https://isc.sans.edu/diary/rss/22880