Snort mailing list archives
Using PCRE in ICMP header
From: adrien le jol <adrien.lejol () gmail com>
Date: Tue, 9 Feb 2016 14:32:17 +0100
Hi all,

I'm actually trying to write a Snort rule that checks some extra values in an ICMP header. As I understood, the values for the headers are fixed (for example icmp_seq=16). For a specific case I need to check if the icmp_seq is a match for different values (multiples of 8). I tried to use pcre as well, but it seems it only looks at the DATA part of the packet, not the header. I'm kind of stuck here.

Thanks in advance for your replies.