[Snort-sigs] How to filter by only the first 3 bytes of data?
bmc at ...95...
Wed Jul 7 07:29:10 EDT 2004
On Tue, Jul 06, 2004 at 07:25:42PM -0700, Joseph Gama wrote:
> I am a newbie, so be gentle, ok? :)
We are, mostly. :)
> I am trying to create a rule that will look for the
> first 3 bytes of data in a UDP packet to see if they
> match 0x083A1.
Uh, except that's not what your rule looks for.
> content:"|08 3A 31|"; depth:3;
content:"|00 83 A1|"; depth:3;
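
The difference between the two rules above, as an added example that is not part of the original post: an odd-length hex value such as 0x083A1 has to be left-padded to whole bytes before it is split into pairs, which gives 00 83 A1 rather than 08 3A 31. The function names and sample payloads are constructed for illustration, and the matcher is a simplified model of content with depth (no escape handling, no other modifiers).

```python
def hex_literal_to_bytes(literal: str) -> bytes:
    """Turn a hex literal like '0x083A1' into bytes, left-padding an odd nibble count."""
    digits = literal[2:] if literal.lower().startswith("0x") else literal
    if len(digits) % 2:
        digits = "0" + digits          # 083A1 -> 0083A1, not 083A1 + guessed digit
    return bytes.fromhex(digits)


def to_snort_content(data: bytes) -> str:
    """Render bytes in Snort's |hex| content notation."""
    return "|" + " ".join(f"{b:02X}" for b in data) + "|"


def parse_snort_content(pattern: str) -> bytes:
    """Decode a content string: text between pipes is hex, the rest is literal."""
    out = bytearray()
    for i, part in enumerate(pattern.split("|")):
        if i % 2:                      # odd segments sit inside |...|
            out += bytes.fromhex(part) # fromhex skips the spaces between pairs
        else:
            out += part.encode("latin-1")
    return bytes(out)


def content_matches(payload: bytes, pattern: str, depth: int) -> bool:
    """Simplified content+depth: the pattern must lie within the first `depth` bytes."""
    return parse_snort_content(pattern) in payload[:depth]


if __name__ == "__main__":
    wanted = hex_literal_to_bytes("0x083A1")
    print("intended bytes :", to_snort_content(wanted))
    print("original rule  :", parse_snort_content("|08 3A 31|"))

    # Constructed UDP payloads: one starting with the intended bytes, one shifted by a byte.
    for payload in (b"\x00\x83\xa1data", b"X\x00\x83\xa1data"):
        for rule in ("|08 3A 31|", "|00 83 A1|"):
            print(payload, rule, content_matches(payload, rule, depth=3))
```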