[Snort-sigs] Differences between versions
nagasaka at ...2239...
Tue Feb 17 17:22:01 EST 2004
I'm trying to detect a TLS application data packet which has
a certain payload size. So I wrote the following rule.
(in practical rules, I'd like to add a dsize option, of course)
alert tcp any any <> any any (msg:"Certain Packet!"; content:"|17 03 01|";
However, this does not work on the following environments:
while this works on the following environment:
Does anyone know the reason?
Please let me know any information if possible.
Thanks in advance for your help,
Text by Kosaku Nagasaka. [E-mail: nagasaka at ...2239...]
<Remember, success comes in "cans", failure comes in "can'ts".>
*****Note that I may read E-mails in the Text format only.*****
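
Added example, not part of the original post: the bytes |17 03 01| in the rule are the start of a TLS 1.0 application-data record header (type 0x17, version 3.1), which is followed by a two-byte record length. The Python sketch below walks the records in one TCP payload to show how a record's length relates to the TCP payload size that dsize tests, and why an unanchored content match can hit bytes that are not a record header. Function names and sample payloads are constructed for illustration.

```python
import struct

APPDATA = 0x17          # TLS record type: application data
TLS10 = b"\x03\x01"     # record-layer version bytes for TLS 1.0
HDR_LEN = 5             # type (1) + version (2) + length (2)

def tls_records(payload):
    """Walk TLS records in one TCP payload.

    Yields (type, version, length, complete); complete is False when the
    record body runs past the end of this segment.
    """
    off = 0
    while off + HDR_LEN <= len(payload):
        ctype, ver, length = struct.unpack_from("!B2sH", payload, off)
        complete = off + HDR_LEN + length <= len(payload)
        yield ctype, ver, length, complete
        if not complete:
            break
        off += HDR_LEN + length

def matches(payload, want_len):
    """True if payload holds a TLS 1.0 application-data record of want_len bytes."""
    return any(t == APPDATA and v == TLS10 and n == want_len
               for t, v, n, _ in tls_records(payload))

def rec(ctype, body):
    """Build a constructed TLS 1.0 record around body (sample data only)."""
    return bytes([ctype]) + TLS10 + struct.pack("!H", len(body)) + body

# Constructed sample payloads (not captured traffic).
single = rec(APPDATA, b"A" * 32)                         # one record, one segment
coalesced = rec(0x16, b"H" * 10) + rec(APPDATA, b"B" * 32)  # handshake + app data
decoy = rec(0x16, b"xx\x17\x03\x01yy")                   # pattern inside a body

if __name__ == "__main__":
    for name, p in (("single", single), ("coalesced", coalesced), ("decoy", decoy)):
        print(name, "tcp payload:", len(p),
              "raw pattern hit:", b"\x17\x03\x01" in p,
              "32-byte app-data record:", matches(p, 32))
```

In the `single` case the TCP payload is 37 bytes for a 32-byte record, so a size test on the packet has to account for the 5-byte header, and in the `coalesced` case the packet size says nothing about the application-data record on its own.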