TCPdump & Snort - Intrusion Detection Systems
Rule Options for Payload II

The modifiers below apply only to the single preceding option:

nocase - ignore case for content and uricontent
offset: n - start searching only n bytes into the payload
depth: m - stop searching after m bytes
distance: n - start searching n bytes after the previous content match
within: n - distance between this content match and the previous one is at most n bytes
isdataat: n [,relative] - check for payload data at position n, optionally relative to the previous content match
rawbytes - look at raw bytes instead of decoded traffic
http_client_body - restrict search to the HTTP body
http_header - restrict search to the HTTP header
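
How offset/depth and distance/within bound the search window for successive content matches, as an added example that is not from the original slides and is not Snort's own code. It is a simplified model; the names `occurrences`, `rule_matches` and `RULE`, the sample rule and the payloads are constructed for illustration.

```python
# Added example: simplified model of the search windows, not Snort's own code.
# Each content is a dict: {"content": bytes, plus optional modifier keys}.

def occurrences(payload, pat, start, end, nocase):
    """Yield the end index of every match lying wholly inside payload[start:end]."""
    hay, needle = (payload.lower(), pat.lower()) if nocase else (payload, pat)
    start, end = max(start, 0), min(end, len(payload))
    pos = hay.find(needle, start, end)
    while pos != -1:
        yield pos + len(pat)
        pos = hay.find(needle, pos + 1, end)

def rule_matches(payload, contents, prev_end=None):
    """True if every content matches in order within its modifier window."""
    if not contents:
        return True
    c, rest = contents[0], contents[1:]
    if prev_end is not None and ("distance" in c or "within" in c):
        # Relative window: measured from the end of the previous match.
        start = prev_end + c.get("distance", 0)
        end = start + c["within"] if "within" in c else len(payload)
    else:
        # Absolute window: measured from the start of the payload.
        start = c.get("offset", 0)
        end = start + c["depth"] if "depth" in c else len(payload)
    # Try each occurrence so a later match of this content can satisfy
    # the relative contents that follow it.
    return any(rule_matches(payload, rest, e)
               for e in occurrences(payload, c["content"], start, end,
                                    c.get("nocase", False)))

# Constructed rule, equivalent to:
#   content:"USER"; nocase; offset:0; depth:4; content:"root"; distance:1; within:4;
RULE = [
    {"content": b"USER", "nocase": True, "offset": 0, "depth": 4},
    {"content": b"root", "distance": 1, "within": 4},
]

if __name__ == "__main__":
    for sample in (b"user root\r\n", b"USER  root\r\n", b" user root\r\n"):
        print(sample, rule_matches(sample, RULE))
```

The second payload fails because the extra space pushes "root" past the 4-byte `within` window, and the third fails because the leading space moves "user" outside the first 4 bytes allowed by `depth`.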
<strong>TCPdump</strong> & <strong>Snort</strong> Thomas Fischer February 3, 2010 Page 19