[Oisf-users] Rules matching packet sequences rather than individual packets?

[Matt]

Is it possible to write a rule that matches a sequence of packets in a 
flow?  My specific use case is that I'd like to match HTTP requests sent 
across SOCKS5 proxy tunnels.  I can easily write a rule to match a 
SOCKS5 handshake or an HTTP request, but I don't know if it's possible 
to match the request only when it follows the handshake in a given tcp 
session.

- Matt