The purpose of this research is to show that TCP/IP header fields can be used to flag packets that do not occur as often in training data and that those packets may potentially be attack packets.