[Snort-users] Matching both TCP and UDP packets

Matt Olney molney at ...1935...
Wed Oct 15 08:54:09 EDT 2008


You can do IP only rules, but it won't be port aware.  If you are, for
example, looking to see traffic to TCP/3333 and UDP/3333 you'll have to
write two rules.  On the other hand, if you just want to find some content,
regardless of port or protocol, you can write a single IP rule.

Matt

On Tue, Oct 14, 2008 at 10:50 PM, Rayne <hjazz6 at ...14432...> wrote:

> Hi,
>
> If I want to match both TCP and UDP packets, can I use IP as the protocol
> in my rule header, or do I have to duplicate my rule for both TCP and UDP?
>
> Thank you.
>
> Regards,
> Rayne
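Added example, not part of the original thread: the two cases described in the reply, written as Snort 2.x rules. The SIDs, message text and content string are constructed for illustration; $HOME_NET is the usual snort.conf variable.

```snort
# Constructed rules; SIDs are taken from the local range (>= 1000000).

# Port-aware matching: one rule per transport protocol.
alert tcp any any -> $HOME_NET 3333 (msg:"LOCAL traffic to TCP/3333"; sid:1000001; rev:1;)
alert udp any any -> $HOME_NET 3333 (msg:"LOCAL traffic to UDP/3333"; sid:1000002; rev:1;)

# Content match regardless of port or protocol: a single ip rule.
# The port fields are left as "any" because an ip rule is not port aware.
alert ip any any -> $HOME_NET any (msg:"LOCAL marker string in payload"; content:"EXAMPLE-MARKER"; sid:1000003; rev:1;)
```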

