Snort mailing list archives
Decoder rule: how to set traffic that must be inspected ?
From: oleg gv via Snort-users <snort-users () lists snort org>
Date: Thu, 17 May 2018 13:40:01 +0300
Hello! I need some given decoder rule inspects all traffic except traffic for some specified src-dst IP pair. Or specify IP pair for which this decoder rule must work only. No header exists for decoder rules. How it can be done ? I do not want to consider solution with second view (it's too globall and complicated) If it is possible: answer me please for snort 2.9 and 3.x Thanks
_______________________________________________ Snort-users mailing list Snort-users () lists snort org Go to this URL to change user options or unsubscribe: https://lists.snort.org/mailman/listinfo/snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news! Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette
Current thread:
- Fwd: Decoder rule: how to set traffic that must be inspected ? oleg gv via Snort-users (May 16)
- <Possible follow-ups>
- Decoder rule: how to set traffic that must be inspected ? oleg gv via Snort-users (May 17)