Snort mailing list archives

Snort startup log


From: Nathan Duval via Snort-users <snort-users () lists snort org>
Date: Mon, 7 Oct 2019 11:02:23 -0500

Hi, I am relatively new to Snort, and I was interested in this information
in the startup log:

[Rule Port Counts]
         tcp     udp    icmp      ip
 src      10      12       0       0
 dst      10      20       0       0
 any      10       6       5      11
  nc      10       3       7       5
 s+d      10       7       0       0

Though I wanted to make sure I am understanding this correctly.

Based on what I have pasted above, it is stating that I have 10 rules with
tcp as the source, and 10 with tcp as the dest?

Also, I have 10 using tcp any, and 6 using udp any?

So, I am wondering if this is the correct interpretation of that data, but
also I was looking for clarity on s+d and nc.  Is s+d bidirectional rules?
NC... rules with no content match?  (just guessing =))

Thanks for any info!