[Snort-users] Query on the format of 'icode' and 'itype' options

Suresh Kumar J suresh.kumar.j at ...11827...
Wed Apr 4 01:28:41 EDT 2007


Hi!

I have a question on the format of the 'icode' and 'itype' options
since it seems to cause confusion.

Below is the format of the 'itype' and 'icode' options as defined in v2.6.x:
itype: [<|>]<number>[<><number>];
icode: [<|>]<number>[<><number>];

With this format, I know that the following options are valid:
(itype:<41;)
(itype:>80;)
(itype:41<>80;)

I wanted to know whether or not the following options are valid and
really make sense:
(itype:>41<80)
(itype:>41<>80)
(itype:<41<>80)
(itype:>41>80)
(itype:<41<80)

Appreciate your inputs.

--
Thanks and Regards,
Suresh Kumar J




More information about the Snort-users mailing list