Snort mailing list archives
payload clarification
From: "Hudak, Tyler" <Tyler.Hudak () roadway com>
Date: Wed, 21 Jan 2004 14:37:25 -0500
What does Snort consider the payload when its looking at packets? Its pretty easy to determine that with TCP, UDP or ICMP rules the payload is everything after the TCP, UDP or ICMP headers. However, in an IP rules, is the encapsulated protocol's headers (TCP, UDP, ICMP, etc) considered part of the payload? Tyler
Current thread:
- payload clarification Hudak, Tyler (Jan 21)
- Re: payload clarification Jeremy Hewlett (Jan 31)