Snort mailing list archives

Question about searching in packet headers


From: Fedor Niskov via Snort-sigs <snort-sigs () lists snort org>
Date: Sat, 17 Oct 2020 21:46:24 +0300

Hello, excuse me, I have a question about Snort rules: can I search in packet headers? I know about the 'content' option,
but it searches only in the payload; however, I'd like to check for the presence of some byte sequences in headers.

It would be useful to search in headers; for instance, I need to check some TCP options, but Snort's non-payload rule options
don't support it; if I could search for specific bytes in the TCP header, I would be able to perform these checks.

(Fedor Niskov)

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists snort org
https://lists.snort.org/mailman/listinfo/snort-sigs

Please visit http://blog.snort.org for the latest news about Snort!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette

Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most emerging threats (https://snort.org/downloads/#rule-downloads)!

