SNORT – Content Modifier – Offset

In the last post, I explained how the content keyword is used to detect a pattern within the payload of a packet. Numerous modifiers can be used in conjunction with the keyword to modify pattern-matching behaviour. In this post, we will discuss the Offset keyword. Offset indicates the starting byte for pattern matching. …

 

SNORT – content matching

I have been playing around with SNORT lately. One of the key features of SNORT is detecting a specific pattern encapsulated within the payload of a packet. The content keyword is used to perform pattern matching within the payload. The pattern to be matched is specified as a parameter of the keyword, either in string format or …