[Snort-users] tcpdump expressions in a rule

Fyodor fygrave at ...121...
Thu Mar 29 07:40:55 EST 2001


On Wed, Mar 28, 2001 at 11:53:59PM -0600, Kevin Timm wrote:
> Is it possible to put tcpdump style expressions in a rule to match on
> certain things like mss or wscale being set to a certain size?
> Thanks
> Kevin
> 

As far as I know, nope, the best you can do is to specify things in command
line or use (or write, if missing) a plugin which will do this task :)





More information about the Snort-users mailing list