[Snort-sigs] Using PCRE in ICMP header
adrien le jol
adrien.lejol at ...2420...
Tue Feb 9 08:32:17 EST 2016
I'm actually trying to write a SNORT rules that check some extra values in
an ICMP header.
As I understood, the values for the headers are fixed (for example
For a specific case I need to check if the icmp_seq is a match for
different values (multiple of 8).
I tried to use pcre as well but it seems it only look for the DATA part of
the packet, not the header.
I'm kind of stuck here.
thanks in advance for your replies
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-sigs