Results 1 to 1 of 1
Enjoy an ad free experience by logging in. Not a member yet? Register.
- Join Date
- Sep 2003
snort rule writing - TCP Offset 0
I've recently seen some packets on an IDS with an Offset of 0 (zero) in the TCP Header. Is there an argument in the snort rule syntax to check this offset? I've looked in the handbook on snort.org and all I've found is "offset" which is for searching payload content and "fragoffset" which doesn't seem to be what I'm looking for. I see arguments for other items in the TCP header, but so far nothing for the Offset.