Snort mailing list archives
Question about searching in packet headers
From: Fedor Niskov via Snort-sigs <snort-sigs () lists snort org>
Date: Sat, 17 Oct 2020 21:46:24 +0300
Hello, excuse me, I have a question about Snort rules: can I do search in packet headers? I know about the 'content' option, but it performs searching only in payload; however, I'd like to check presence of some byte sequences in headers. It would be useful to search in headers; for instance, I need to check some TCP options, but Snort non-payload rule options don't support it; if I could search for specific bytes in TCP header, I would be able to perform these checks. (Fedor Niskov) _______________________________________________ Snort-sigs mailing list Snort-sigs () lists snort org https://lists.snort.org/mailman/listinfo/snort-sigs Please visit http://blog.snort.org for the latest news about Snort! Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a href=" https://snort.org/downloads/#rule-downloads">emerging threats</a>!
Current thread:
- Question about searching in packet headers Fedor Niskov via Snort-sigs (Oct 18)
- Re: Question about searching in packet headers Santosh Subramanya via Snort-sigs (Oct 18)
- Re: Question about searching in packet headers Fedor Niskov via Snort-sigs (Oct 19)
- Re: Question about searching in packet headers Santosh Subramanya via Snort-sigs (Oct 20)
- Re: Question about searching in packet headers Fedor Niskov via Snort-sigs (Oct 19)
- Re: Question about searching in packet headers Joel Esler (jesler) via Snort-sigs (Oct 20)
- Re: Question about searching in packet headers Santosh Subramanya via Snort-sigs (Oct 18)