[Snort-users] Are we missing some parameters?

Ofir Arkin ofir at ...64...
Fri Nov 3 08:18:47 EST 2000


I was playing around with snort in order to introduce some new rules for
ICMP.
I could not find the following fields to match with snort.

DF bit
Unused Bit
TOS Byte
TOS field
IP ID

Am I missing something here, or we don't have this?


Ofir Arkin  [ofir at ...64...]
Senior Security Analyst
Chief of Grey Hats
ITcon, Israel.
http://www.itcon-ltd.com

Personal Web page: http://www.sys-security.com

"Opinions expressed do not necessarily
represent the views of my employer."





More information about the Snort-users mailing list