[Snort-users] Decoder rule: how to set traffic that must be inspected ?

oleg gv oagvozd at gmail.com
Thu May 17 06:40:01 EDT 2018


Hello!

I need some given decoder rule inspects all traffic except traffic for some
specified src-dst IP pair.  Or specify IP pair for which this decoder rule
must work only.

No header exists for decoder rules. How it can be done ?

I do not want to consider solution with second view (it's too globall and
complicated)

If it is possible: answer me please for snort 2.9 and 3.x

Thanks
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20180517/f7096197/attachment.html>


More information about the Snort-users mailing list