Snort mailing list archives

question about snort rules


From: Fernando Villegas <fava.007 () gmail com>
Date: Thu, 12 Sep 2013 20:42:50 -0300

Hi,
I'm working with snort and I'd like to know if snort can detect the
following:

- Packages with a specific frame size.
- IP fields

For example (look at the image): I need to detect packages that have a frame
size equal to 110 bytes (green box), and where the payload of the IP protocol
is equal to 56 (red box).
How could I do it? Note that the message sent is an ICMPv6 message and I need to
analyze the layers before ICMP, namely IP and the overall size of the package.
Thanks in advance for your help.

-- 
Sincerely,
*Fernando Antonio Villegas Acevedo*
Student, Civil Engineering in Informatics and Telecommunications
*Universidad Diego Portales*

_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
Archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel

Please visit http://blog.snort.org for the latest news about Snort!
