[Oisf-devel] Suricata rule for finding packets without flags set ?
Victor Julien
victor at inliniac.net
Tue Jun 28 08:42:24 UTC 2016
On 27-06-16 08:47, Sherine Davis (Security Engineering) wrote:
> Umm unfortunately that's not working

Please stay on list.

I just tested the rule and it works for me. Can you be more specific
about what you tried?

Regards,
Victor

>
> On Fri, Jun 24, 2016 at 11:17 AM, Victor Julien <victor at inliniac.net> wrote:
>
> On 23-06-16 12:04, Sherine Davis (Security Engineering) wrote:
> > It would be great if someone could tell me the rule that can be used to
> > check for packets with null flags ?
>
> A rule with 'flags:0;' should do it I think.
>
> --
> ---------------------------------------------
> Victor Julien
> http://www.inliniac.net/
> PGP: http://www.inliniac.net/victorjulien.asc
> ---------------------------------------------
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
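
Added example, not part of the original thread: a small Python check for confirming that test traffic really contains TCP segments with no flags set, the condition the `flags:0;` rule discussed above is meant to catch. The sample packets, addresses and function names are constructed for illustration.

```python
import struct

# Bit 0 is FIN, bit 7 is CWR (byte 13 of the TCP header).
FLAG_NAMES = ["FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECE", "CWR"]

def tcp_flags(ip_packet):
    """Return the TCP flags byte of a raw IPv4 packet, or None if it has no TCP header."""
    if len(ip_packet) < 20 or ip_packet[0] >> 4 != 4:
        return None                          # too short or not IPv4
    ihl = (ip_packet[0] & 0x0F) * 4          # IPv4 header length in bytes
    if ihl < 20 or ip_packet[9] != 6:        # protocol 6 = TCP
        return None
    frag_off = struct.unpack("!H", ip_packet[6:8])[0] & 0x1FFF
    if frag_off != 0:                        # later fragments carry no TCP header
        return None
    if len(ip_packet) < ihl + 20:            # truncated TCP header
        return None
    return ip_packet[ihl + 13]

def flag_names(flags):
    """Names of the flag bits that are set."""
    return [name for bit, name in enumerate(FLAG_NAMES) if flags & (1 << bit)]

def is_null_flags(ip_packet):
    """True only for a parseable TCP segment whose flags byte is zero."""
    return tcp_flags(ip_packet) == 0

def build_packet(flags, proto=6):
    """Constructed sample: minimal IPv4 + 20-byte transport header, checksums zero."""
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 5 << 4, flags, 1024, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, proto, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return ip + tcp

# Constructed test inputs (documentation addresses, never sent on a network).
SAMPLES = {"null": build_packet(0x00), "syn": build_packet(0x02),
           "xmas": build_packet(0x29), "udp": build_packet(0x00, proto=17)}

def report():
    """Map each sample name to whether it is a null-flag TCP segment."""
    return {name: is_null_flags(pkt) for name, pkt in SAMPLES.items()}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        f = tcp_flags(pkt)
        print(name, "not TCP" if f is None else (flag_names(f) or "NO FLAGS SET"))
```

Running the same check over the packets used to test a rule helps separate "the rule does not match" from "the test traffic does not actually have a zero flags byte".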