next up previous contents
Next: stream_size Up: stream_reassemble Previous: Format   Contents

Example

For example, to disable TCP reassembly for client traffic when we see a HTTP 200 Ok Response message, use: 

    alert tcp any 80 -> any any (flow:to_client, established; content:"200 OK";
       stream_reassemble:disable,client,noalert;)


Eugene Misnik 2013-05-08