Snort mailing list archives
Re: Offset
From: "Joel Esler (jesler)" <jesler () cisco com>
Date: Fri, 1 Jul 2016 18:01:15 +0000
However, the answer is yes. Offset will always start from the beginning of the data portion of the packet. So, you can go back to the beginning of the packet if you need to, but you should try to avoid it, for speed. -- Joel Esler Manager, Talos Group
On Jun 30, 2016, at 10:59 AM, Al Lewis (allewi) <allewi () cisco com> wrote: I think Joel has given a good explanation here: http://blog.joelesler.net/2010/03/offset-depth-distance-and-within.html Albert Lewis QA SNORT/Sourcefire SOURCEfire, Inc. now part of Cisco 9780 Patuxent Woods Drive Columbia, MD 21046 Email: allewi () cisco com On 6/30/16, 10:09 AM, "Fincham, Greg L. CTN2" <gfincham () ncdoc navy mil> wrote:Can you use the "Offset" modifier twice in the same signature?------------------------------------------------------------------------------ Attend Shape: An AT&T Tech Expo July 15-16. Meet us at AT&T Park in San Francisco, CA to explore cutting-edge tech and listen to tech luminaries present their vision of the future. This family event has something for everyone, including kids. Get more information and register today. http://sdm.link/attshape _______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs http://www.snort.org Please visit http://blog.snort.org for the latest news about Snort!
Attachment:
signature.asc
Description: Message signed with OpenPGP using GPGMail
------------------------------------------------------------------------------ Attend Shape: An AT&T Tech Expo July 15-16. Meet us at AT&T Park in San Francisco, CA to explore cutting-edge tech and listen to tech luminaries present their vision of the future. This family event has something for everyone, including kids. Get more information and register today. http://sdm.link/attshape
_______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs http://www.snort.org Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- Re: Offset Joel Esler (jesler) (Jul 01)