[Snort-users] Decoder rule: how to set traffic that must be inspected ?
oagvozd at gmail.com
Thu May 17 06:40:01 EDT 2018
I need some given decoder rule inspects all traffic except traffic for some
specified src-dst IP pair. Or specify IP pair for which this decoder rule
must work only.
No header exists for decoder rules. How it can be done ?
I do not want to consider solution with second view (it's too globall and
If it is possible: answer me please for snort 2.9 and 3.x
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-users