Snort mailing list archives

Re: Is there way to use more than three byte_extracts option per rule?


From: Graham Bignell via Snort-sigs <snort-sigs () lists snort org>
Date: Fri, 5 Jul 2019 09:16:17 -0400

If you are allowed to share the rule you are working on, please post it to
the list.

//Graham

On Fri, Jul 5, 2019 at 8:56 AM 최성규 via Snort-sigs <
snort-sigs () lists snort org> wrote:

I want to use more than 3 byte_extract options per rule.

But I know Snort 2.9.13 does not support this.

So is there any way to use other options to replace this?

I used nested rules with flowbits, but it didn't work.


_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists snort org
https://lists.snort.org/mailman/listinfo/snort-sigs

Please visit http://blog.snort.org for the latest news about Snort!

Please follow these rules:
https://snort.org/faq/what-is-the-mailing-list-etiquette

Visit the Snort.org to subscribe to the official Snort ruleset, make sure
to stay up to date to catch the most emerging threats
(https://snort.org/downloads/#rule-downloads)!
