[Snort-sigs] How to catch a ICMP packet based on content.

Errit Müller ejm at ...302...
Wed Jan 23 06:56:06 EST 2002

Hi all

Can someone please help me create a rule that will alert if the ICMP packet
contains a special patter like "hallo" or something like that.
Have tryed the following but it did not work.
alert icmp any any -> any any (msg:"Hallo in packet"; content: "hallo";
reference:arachnids,449; classtype:attempted-recon; sid:467; rev:1;)

Brgds /Errit

More information about the Snort-sigs mailing list