The offset keyword allows the rule writer to specify where to start searching for a pattern within a packet. offset modifies the previous 'content' keyword in the rule.
An offset of 5 would tell Snort to start looking for the specified pattern after the first 5 bytes of the payload.
As this keyword is a modifier to the previous content keyword, there must be a content in the rule before offset is specified.
This keyword allows values from -65535 to 65535.
The value can also be set to a string value referencing a variable extracted by the byte_extract keyword in the same rule.