[Snort-users] Query on the format of 'icode' and 'itype' options

Suresh Kumar J suresh.kumar.j at ...11827...
Wed Apr 4 03:08:20 EDT 2007


Just to clarify, I have used '41' and '80' just as an example. My
question was on the syntax of the 'itype' and 'icode' constructs...


On 4/4/07, Suresh Kumar J <suresh.kumar.j at ...11827...> wrote:
> Hi!
>
> I have a question on the format of the 'icode' and 'itype' options
> since it seems to cause confusion.
>
> Below is the format of the 'itype' and 'icode' options as defined in v2.6.x:
> itype: [<|>]<number>[<><number>];
> icode: [<|>]<number>[<><number>];
>
> With this format, I know that the following options are valid:
> (itype:<41;)
> (itype:>80;)
> (itype:41<>80;)
>
> I wanted to know whether or not the following options are valid and
> really make sense:
> (itype:>41<80)
> (itype:>41<>80)
> (itype:<41<>80)
> (itype:>41>80)
> (itype:<41<80)
>
> Appreciate your inputs.
>
> --
> Thanks and Regards,
> Suresh Kumar J
>


-- 
Thanks and Regards,
Suresh Kumar J




More information about the Snort-users mailing list