[Snort-sigs] question about snort rules

Fernando Villegas fava.007 at ...2420...
Thu Sep 12 19:43:31 EDT 2013

I'm working with snort and I'd like to know if snort can to detect the

- Packages with especific frame size.
- IP fields

For example (look the image): I need to detect packages that have a size of
frame equals 110 bytes (green box). and that the payload of the IP protocol
is equal to 56 (red box).
How could I do it?. Note that the message sent is an ICMPv6 and need to
analyze ICMP previous layers, namely IP and the overall size of the package.
beforehand, thanks for your help

*Fernando Antonio Villegas Acevedo*
Estudiante Ingeniería Civil en Informática y Telecomunicaciones
*Universidad Diego Portales*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20130912/f1d69795/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Captura.JPG
Type: image/jpeg
Size: 97726 bytes
Desc: not available
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20130912/f1d69795/attachment.jpe>

More information about the Snort-sigs mailing list