[Snort-users] tcpdump expressions in a rule
fygrave at ...121...
Thu Mar 29 07:40:55 EST 2001
On Wed, Mar 28, 2001 at 11:53:59PM -0600, Kevin Timm wrote:
> Is it possible to put tcpdump style expressions in a rule to match on
> certain things like mss or wscale being set to a certain size?
As far as I know, nope, the best you can do is to specify things in command
line or use (or write, if missing) a plugin which will do this task :)
More information about the Snort-users