[Snort-sigs] Using PCRE in ICMP header

adrien le jol adrien.lejol at ...2420...
Tue Feb 9 08:32:17 EST 2016


Hi all,
I'm actually trying to write a SNORT rule that checks some extra values in
an ICMP header.
As I understood, the values for the headers are fixed (for example
icmp_seq=16).

For a specific case I need to check if the icmp_seq is a match for
different values (multiples of 8).

I tried to use pcre as well but it seems it only looks at the DATA part of
the packet, not the header.

I'm kind of stuck here.

Thanks in advance for your replies.
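
Added example, not part of the original post: a Python sketch of the check being asked about, done outside Snort on raw ICMP bytes. Per RFC 792 the sequence number is bytes 6-7 of the 8-byte echo header, ahead of the data, and a multiple of 8 has its three low bits clear. The function names and sample packets are constructed for illustration.

```python
import struct

ICMP_ECHO_REPLY = 0
ICMP_ECHO_REQUEST = 8
ICMP_HEADER_LEN = 8  # type(1) code(1) checksum(2) identifier(2) sequence(2)

def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_echo(ident: int, seq: int, payload: bytes) -> bytes:
    """Build a constructed echo request, used here only as sample input."""
    hdr = struct.pack("!BBHHH", ICMP_ECHO_REQUEST, 0, 0, ident, seq)
    csum = inet_checksum(hdr + payload)
    return struct.pack("!BBHHH", ICMP_ECHO_REQUEST, 0, csum, ident, seq) + payload

def parse_echo(icmp: bytes):
    """Return id, seq and payload of an echo message, or None if invalid."""
    if len(icmp) < ICMP_HEADER_LEN:
        return None  # truncated header
    typ, code, _csum, ident, seq = struct.unpack("!BBHHH", icmp[:ICMP_HEADER_LEN])
    if typ not in (ICMP_ECHO_REQUEST, ICMP_ECHO_REPLY) or code != 0:
        return None  # only echo messages carry id/seq in these bytes
    if inet_checksum(icmp) != 0:
        return None  # a valid message sums to zero including its checksum
    return {"id": ident, "seq": seq, "payload": icmp[ICMP_HEADER_LEN:]}

def seq_is_multiple_of_8(icmp: bytes) -> bool:
    """True when the header sequence number has its three low bits clear."""
    echo = parse_echo(icmp)
    return echo is not None and (echo["seq"] & 0x7) == 0

if __name__ == "__main__":
    # Constructed samples: the payload never contains the sequence number.
    for seq in (0, 8, 16, 17, 24, 65528):
        pkt = build_echo(0x1234, seq, b"abcdefgh")
        print(seq, seq_is_multiple_of_8(pkt))
```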