
Examples

    alert tcp !$HOME_NET any -> $HOME_NET 21 (msg:"cd incoming detected"; \
        flow:from_client; content:"CWD incoming"; nocase;)

    alert tcp !$HOME_NET 0 -> $HOME_NET 0 (msg:"Port 0 TCP traffic"; \
        flow:stateless;)



Eugene Misnik 2013-05-08