Snort mailing list archives

Using PCRE in ICMP header


From: adrien le jol <adrien.lejol () gmail com>
Date: Tue, 9 Feb 2016 14:32:17 +0100

Hi all,
I'm actually trying to write a SNORT rule that checks some extra values in
an ICMP header.
As I understood, the values for the headers are fixed (for example
icmp_seq=16).

For a specific case I need to check if the icmp_seq is a match for
different values (multiples of 8).

I tried to use pcre as well but it seems it only looks for the DATA part of
the packet, not the header.

I'm kind of stuck here.

thanks in advance for your replies
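
The check the post asks about (an ICMP echo sequence number that is a multiple of 8), done on the raw ICMP header outside Snort, as an added example that is not part of the original message. The function names and sample messages are constructed for illustration, and the input is assumed to be the ICMP message with the IP header already removed.

```python
import struct

ICMP_ECHO_REPLY, ICMP_ECHO_REQUEST = 0, 8

def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_echo(seq: int, ident: int = 0x1234, payload: bytes = b"constructed") -> bytes:
    """Build a constructed ICMP echo request used as sample input."""
    header = struct.pack("!BBHHH", ICMP_ECHO_REQUEST, 0, 0, ident, seq)
    csum = inet_checksum(header + payload)
    return struct.pack("!BBHHH", ICMP_ECHO_REQUEST, 0, csum, ident, seq) + payload

def echo_seq(icmp: bytes):
    """Return the sequence number of a valid echo request/reply, else None."""
    if len(icmp) < 8:
        return None                      # truncated header
    icmp_type, code, _csum, _ident, seq = struct.unpack("!BBHHH", icmp[:8])
    if icmp_type not in (ICMP_ECHO_REQUEST, ICMP_ECHO_REPLY) or code != 0:
        return None                      # bytes 4-7 are id/seq only for echo types
    if inet_checksum(icmp) != 0:
        return None                      # checksum over the whole message must be 0
    return seq

def seq_is_multiple_of_8(icmp: bytes) -> bool:
    seq = echo_seq(icmp)
    # A multiple of 8 has its three low-order bits clear.
    return seq is not None and seq & 0x7 == 0

def matching_seqs(messages):
    return [echo_seq(m) for m in messages if seq_is_multiple_of_8(m)]

# Constructed sample messages (ICMP portion only, no IP header).
SAMPLES = [build_echo(s) for s in (0, 7, 8, 16, 17, 65528)]
SAMPLES.append(build_echo(24)[:6])               # truncated header
SAMPLES.append(b"\x03" + build_echo(32)[1:])     # type 3, not an echo message

if __name__ == "__main__":
    print(matching_seqs(SAMPLES))
```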