Cisco Cisco Firepower Management Center 4000
26-17
FireSIGHT System User Guide
Chapter 26 Using Transport & Network Layer Preprocessors
Understanding Packet Decoding
Because these are experimental options, some systems do not account for them and may be open to
exploits.
exploits.
Note
In addition to the experimental options listed in the above table, the system considers any
TCP option with an option number greater than 26 to be experimental.
TCP option with an option number greater than 26 to be experimental.
You can enable rule 116:58 to generate events for this option. See
for more information.
Detect Obsolete TCP Options
Detects TCP headers with obsolete TCP options. Because these are obsolete options, some systems
do not account for them and may be open to exploits. The following table describes these options.
do not account for them and may be open to exploits. The following table describes these options.
You can enable rule 116:57 to generate events for this option. See
for more information.
Detect T/TCP
Detects TCP headers with the CC.ECHO option. The CC.ECHO option confirms that TCP for
Transactions (T/TCP) is being used. Because T/TCP header options are not in widespread use, some
systems do not account for them and may be open to exploits.
Transactions (T/TCP) is being used. Because T/TCP header options are not in widespread use, some
systems do not account for them and may be open to exploits.
You can enable rule 116:56 to generate events for this option. See
for more information.
14
Alternate Checksum Request
15
Alternate Checksum Data
18
Trailer Checksum
20
Space Communications Protocol Standards (SCPS)
21
Selective Negative Acknowledgements (SCPS)
22
Record Boundaries (SCPS)
23
Corruption (SPCS)
24
SNAP
26
TCP Compression Filter
TCP Option
Description
TCP Option
Description
6
Echo
7
Echo Reply
16
Skeeter
17
Bubba
19
MD5 Signature
25
Unassigned