[Snort-users] question about snort rules

Fernando Villegas fava.007 at ...11827...
Wed Sep 11 16:44:48 EDT 2013


Hi,
I'm working with snort and I'd like to know if snort can detect the
following:

- Packages with a specific frame size.
- IP fields

For example (look at the image): I need to detect packages that have a frame
size equal to 110 bytes (green box), and where the payload of the IP protocol
is equal to 56 (red box).
How could I do it? Note that the message sent is an ICMPv6 one and I need to
analyze the layers before ICMP, namely IP and the overall size of the package.
Thanks in advance for your help.

-- 
Sincerely,
*Fernando Antonio Villegas Acevedo*
Student of Civil Engineering in Informatics and Telecommunications
*Universidad Diego Portales*
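
Added example, not part of the original post and not Snort rule syntax: a Python check of the two conditions in the question against a raw frame, showing how they relate (14-byte Ethernet header + 40-byte IPv6 header + 56 = 110). It assumes an untagged Ethernet II frame, no IPv6 extension headers, and that the "56" is the IPv6 Payload Length field; all function names and the sample frame are constructed for illustration.

```python
import struct

ETH_HLEN = 14            # dst MAC + src MAC + EtherType (assumes no 802.1Q tag)
IPV6_HLEN = 40           # fixed IPv6 header
ETHERTYPE_IPV6 = 0x86DD
NEXT_HEADER_ICMPV6 = 58


def parse_frame(frame: bytes):
    """Return the fields of interest, or None if this is not an IPv6 frame."""
    if len(frame) < ETH_HLEN + IPV6_HLEN:
        return None                                   # too short to hold both headers
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != ETHERTYPE_IPV6:
        return None
    vtf, payload_len, next_header, _hop = struct.unpack_from("!IHBB", frame, ETH_HLEN)
    if vtf >> 28 != 6:                                # IP version nibble
        return None
    return {
        "frame_len": len(frame),
        "payload_len": payload_len,                   # IPv6 Payload Length field
        "next_header": next_header,
        "captured_payload": len(frame) - ETH_HLEN - IPV6_HLEN,
    }


def matches(frame: bytes, frame_len: int = 110, payload_len: int = 56) -> bool:
    """True for an ICMPv6 frame with the given total size and IPv6 payload length."""
    f = parse_frame(frame)
    return (f is not None
            and f["frame_len"] == frame_len
            and f["payload_len"] == payload_len
            and f["next_header"] == NEXT_HEADER_ICMPV6
            # reject a length field that claims more bytes than were captured
            and f["captured_payload"] >= f["payload_len"])


def build_sample(icmp_body_len: int = 48) -> bytes:
    """Constructed ICMPv6 echo request (checksum left at 0) for testing."""
    eth = bytes.fromhex("333300000001" "020000000001") + struct.pack("!H", ETHERTYPE_IPV6)
    icmp = struct.pack("!BBHHH", 128, 0, 0, 1, 1) + bytes(icmp_body_len)
    ip6 = struct.pack("!IHBB", 6 << 28, len(icmp), NEXT_HEADER_ICMPV6, 64)
    ip6 += bytes.fromhex("fe80" + "00" * 13 + "01")   # constructed source address
    ip6 += bytes.fromhex("ff02" + "00" * 13 + "01")   # constructed destination address
    return eth + ip6 + icmp


if __name__ == "__main__":
    print(parse_frame(build_sample()), matches(build_sample()))
```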