[Snort-users] Dynamic rules
attwell at ...461...
Fri Jan 26 09:53:03 EST 2001
In reading through some of the dynamic rule documentation I could find no clue to the following.
In the case that a packet trips a specific signature, on a content base, I would like to be able
to log the entire conversation from that point, i.e. all packets coming from that source
until a packet limit is reached or until a TCP FIN is seen.
Is there a way to dynamically access the IP/TCP/UDP header information from the packet that triggered
the initial alert?
5520 Research Park Drive
Madison, WI 53711
attwell at ...460...
Berbee... putting the E in business.