Re: [Snort-users] Rule creation: content keyword

--=-vULPH1Vgh3BABVxhc3yT
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

On Sun, 2005-02-06 at 20:13 +0100, mosquitooth@gmx.net wrote:
> just one question: If I specify more than one "content:"[x]"" keyword in =
a
> snort rule - are these content patterns relative towards each other? If s=
o,
> where does a new search for e.g. the second pattern start? At the last by=
te
> of the last (e.g. first) successful match?


It's all explained in the Snort Manual at:
http://www.snort.org/docs/snort_manual/


Specifically this section:
http://www.snort.org/docs/snort_manual/node20.html


Regards,
Frank


--=-vULPH1Vgh3BABVxhc3yT
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (FreeBSD)

iD8DBQBCBoqIwBQKb2zelzoRAqzbAJ4lRse0rJPBex4vtZzydl P86rNgYQCghOEL
Z1JThVVxAVjtcSEvrB5sSnY=
=Clcy
-----END PGP SIGNATURE-----

--=-vULPH1Vgh3BABVxhc3yT--



-------------------------------------------------------
This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
Tool for open source databases. Create drag-&-drop reports. Save time
by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
Download a FREE copy at http://www.intelliview.com/go/osdn_nl
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/...fo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.p...st=snort-users