Snort mailing list archives

Previous By Date Next
Previous By Thread Next

TCP HEADER (options -> data)

From: Marcio Guerreiro <marcio.guerreiro () hotmail co uk>
Date: Fri, 19 Jun 2015 20:13:26 +0100
Hi all

 

I am looking to my SNORT log via Barnyard and I would like to create a rule
to detect  that field data( the rule I am running at the moment capture any
activity). I am confused because it is not payload and I could not find
which keyword I would have to use to find that data field there. Does
anybody knows any document where I could read about it ?

 

 



 

Thank you

 

Marcio



------------------------------------------------------------------------------

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
Previous By Date Next
Previous By Thread Next

Current thread: