[Oisf-users] Rules matching packet sequences rather than individual packets?
rmkml
rmkml at yahoo.fr
Sun Jan 6 20:17:09 UTC 2013
Hi Matt,
Yes it's possible with flowbits...
Can you share a pcap please?
Regards
Rmkml
On Sun, 6 Jan 2013, Matt wrote:
> Is it possible to write a rule that matches a sequence of packets in a flow?
> My specific use case is that I'd like to match HTTP requests sent across
> SOCKS5 proxy tunnels. I can easily write a rule to match a SOCKS5 handshake
> or an HTTP request, but I don't know if it's possible to match the request
> only when it follows the handshake in a given tcp session.
>
> - Matt
More information about the Oisf-users
mailing list