Example

    alert udp any any -> any 32770:34000 (content:"|00 01 86 B8|"; \
        content:"|00 00 00 01|"; distance:4; within:4; \
        byte_jump:4, 12, relative, align; \
        byte_test:4, >, 900, 20, relative; \
        msg:"statd format string buffer overflow";)