[Snort-users] Snort-users Digest, Vol 3, Issue 30

wkitty42 at windstream.net wkitty42 at windstream.net
Wed Aug 23 05:22:55 EDT 2017


On 08/23/2017 03:41 AM, flipsdd at sina.com wrote:
> Hello, I have some rules. The key words are not clear. They are :
> 1.byte_extract
> 2.flowbits
> 3.within:cipsize;

1st, please don't quote the entire digest... just quote the one message you are 
replying to... if you are starting a new message, don't cheat and reply to an 
existing one... that's hijacking... write a new one message, instead...

2. google is your friend ;)

byte_extract:
https://www.google.com/search?q=snort+byte_extract
http://manual-snort-org.s3-website-us-east-1.amazonaws.com/node32.html#SECTION004533000000000000000

flowbits:
https://www.google.com/search?q=snort+flowbits
https://www.snort.org/faq/readme-flowbits
http://manual-snort-org.s3-website-us-east-1.amazonaws.com/node33.html#SECTION004610000000000000000

within:cipsize:
https://www.google.com/search?q=snort+within%3Acipsize
http://manual-snort-org.s3-website-us-east-1.amazonaws.com/node32.html#SECTION004510000000000000000


please be more specific with your query if the above links do not answer your 
question...


-- 
  NOTE: No off-list assistance is given without prior approval.
        *Please keep mailing list traffic on the list unless*
        *a signed and pre-paid contract is in effect with us.*



More information about the Snort-users mailing list