P. 1
Snort Manual-2 8 5 1

Snort Manual-2 8 5 1

|Views: 162|Likes:
Published by rir1986

More info:

Published by: rir1986 on Aug 11, 2010
Copyright:Attribution Non-commercial

Availability:

Read on Scribd mobile: iPhone, iPad and Android.
download as PDF, TXT or read online from Scribd
See more
See less

10/25/2012

pdf

text

original

The ipopts keyword is used to check if a specific IP option is present.

The following options may be checked:

rr - Record Route

eol - End of list

nop - No Op

ts - Time Stamp

sec - IP Security

esec - IP Extended Security

lsrr - Loose Source Routing

ssrr - Strict Source Routing

satid - Stream identifier

any - any IP options are set

The most frequently watched for IP options are strict and loose source routing which aren’t used in any widespread
internet applications.

Format

ipopts:;

Example

This example looks for the IP Option of Loose Source Routing.

ipopts:lsrr;

137

Warning

Only a single ipopts keyword may be specified per rule.

You're Reading a Free Preview

Download
scribd
/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->