[Snort-sigs] Counting packets - Flow

Gurgen Hakobyan hakobyan at ...3751...
Wed Mar 23 22:56:34 EDT 2016


Is there a way to save a flow in Snort and count some type of packets within that flow?

Let’s say my HTTP server gets contacted by a client: I save that flow and start counting the ACKs (or RSTs, etc.) that I send back to the client. Then, once the counter reaches a threshold, the alert is raised?

