Cisco Firepower Management Center 4000

FireSIGHT System User Guide
 
Chapter 18 Working with Intrusion Events
Using the Packet View
  – P — the receiver should push data
  – R — reset the connection
  – S — synchronize sequence numbers to start a new connection
  – F — the sender has finished sending data
Window size
The amount of unacknowledged data, in bytes, that the receiving host will accept.
Checksum
The indicator for whether the TCP checksum is valid. If the checksum is invalid, the datagram may have been corrupted during transit or may be being used in an evasion attempt.
Urgent Pointer
The position, if present, in the TCP segment where the urgent data ends. Used in conjunction with the U flag.
Options
The values, if present, for TCP options.
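The following is an added example, not part of the Cisco guide or the product's own code: it decodes the TCP fields described above from a raw segment and recomputes the checksum, the check behind the valid/invalid indicator. The addresses, ports and the sample segment are constructed for illustration, and the function names are hypothetical.

```python
import socket
import struct

# Flag letters as the packet view shows them (U and A complete the set of six).
FLAG_BITS = [(0x20, "U"), (0x10, "A"), (0x08, "P"), (0x04, "R"), (0x02, "S"), (0x01, "F")]

def inet_checksum(data: bytes) -> int:
    """One's-complement checksum over 16-bit words (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def pseudo_header(src_ip: str, dst_ip: str, seg_len: int) -> bytes:
    """IPv4 pseudo-header covered by the TCP checksum (protocol 6)."""
    return socket.inet_aton(src_ip) + socket.inet_aton(dst_ip) + struct.pack("!BBH", 0, 6, seg_len)

def decode_tcp(src_ip: str, dst_ip: str, segment: bytes) -> dict:
    if len(segment) < 20:
        raise ValueError("segment shorter than the fixed TCP header")
    _, _, _, _, off_flags, window, _, urgent = struct.unpack("!HHIIHHHH", segment[:20])
    hdr_len = (off_flags >> 12) * 4
    if not 20 <= hdr_len <= len(segment):
        raise ValueError("data offset points outside the segment")
    flags = "".join(name for bit, name in FLAG_BITS if off_flags & bit)
    # A valid segment sums to zero when the stored checksum is included.
    valid = inet_checksum(pseudo_header(src_ip, dst_ip, len(segment)) + segment) == 0
    return {"flags": flags, "window": window, "checksum_valid": valid,
            "urgent_pointer": urgent if "U" in flags else None,
            "options": segment[20:hdr_len]}

def build_sample():
    """Constructed SYN segment with one MSS option and a correct checksum."""
    src, dst = "192.0.2.10", "198.51.100.5"  # documentation addresses
    seg = struct.pack("!HHIIHHHH", 40000, 80, 1000, 0, (6 << 12) | 0x02, 64240, 0, 0)
    seg += bytes([2, 4, 0x05, 0xB4])  # option kind 2 (MSS), length 4, value 1460
    csum = inet_checksum(pseudo_header(src, dst, len(seg)) + seg)
    return src, dst, seg[:16] + struct.pack("!H", csum) + seg[18:]

if __name__ == "__main__":
    src, dst, seg = build_sample()
    print(decode_tcp(src, dst, seg))
    tampered = seg[:14] + bytes([seg[14] ^ 0x01]) + seg[15:]  # one flipped bit
    print(decode_tcp(src, dst, tampered)["checksum_valid"])
```

Captures taken on the sending host can show invalid checksums when checksum offload is enabled, so an invalid result is a prompt to check where the packet was captured before treating it as corruption or evasion.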
UDP Packet View
License: Protection
This section describes the protocol-specific information for a UDP packet.
Source port
The number that identifies the originating application protocol.
Destination port
The number that identifies the receiving application protocol.
Length
The combined length of the UDP header and data.
Checksum
The indicator for whether the UDP checksum is valid. If the checksum is invalid, the datagram may 
have been corrupted during transit.
ICMP Packet View
License: Protection
This section describes the protocol-specific information for an ICMP packet.
Type
The type of ICMP message:
  – 0 — echo reply
  – 3 — destination unreachable