Snort mailing list archives

payload clarification


From: "Hudak, Tyler" <Tyler.Hudak () roadway com>
Date: Wed, 21 Jan 2004 14:37:25 -0500

What does Snort consider the payload when it's looking at packets?  It's
pretty easy to determine that with TCP, UDP or ICMP rules the payload is
everything after the TCP, UDP or ICMP headers.

However, in an IP rule, are the encapsulated protocol's headers (TCP, UDP,
ICMP, etc.) considered part of the payload?

Tyler
