| Search Site |
| Search Rules |
| Account |
| not registered? |
| can't login? |
| user preferences |
 |
 |
|
|||||||||||||||||||
Next: Format Up: Non-Payload Detection Rule Options Previous: Format Contents
flowbits
The flowbits rule option is used in conjunction with conversation
tracking from the Flow preprocessor (see Section![[*]](file:/usr/share/latex2html/icons/crossref.png){kind=icon}
). It allows
rules to track states across transport protocol sessions. The flowbits option
is most useful for TCP sessions, as it allows rules to generically track the
state of an application protocol.
There are seven keywords associated with flowbits. Most of the options need a user-defined name for the specific state that is being checked. This string should be limited to any alphanumeric string including periods, dashes, and underscores.
| Option | Description |
| set | Sets the specified state for the current flow. |
| unset | Unsets the specified state for the current flow. |
| toggle | Sets the specified state if the state is unset, otherwise unsets the state if the state is set. |
| isset | Checks if the specified state is set. |
| isnotset | Checks if the specified state is not set. |
| noalert | Cause the rule to not generate an alert, regardless of the rest of the detection options. |
Subsections
Next: Format Up: Non-Payload Detection Rule Options Previous: Format Contents Steven Sturges 2006-12-08
| site feedback | Terms of Use | Privacy Policy | forum archives ©2008 Snort and Sourcefire are registered trademarks of Sourcefire, Inc. All rights reserved. |