Creating custom signatures

Custom signatures

Table 6: TCP header keywords

Keyword and Value

Description

 

 

--ack <ack_int>;

Check for the specified TCP acknowledge

 

number.

--dst_port [!]{<port_int>

The destination port number.

:<port_int> <port_int>:

You can specify a single port or port range:

<port_int>:<port_int>};

<port_int> is a single port.

 

:<port_int> includes the specified port and

 

all lower numbered ports.

 

<port_int>: includes the specified port and

 

all higher numbered ports.

 

<port_int>:<port_int> includes the two

 

specified ports and all ports in between.

--seq <seq_int>;

Check for the specified TCP sequence number.

--src_port [!]{<port_int>

The source port number.

:<port_int> <port_int>:

You can specify a single port or port range:

<port_int>:<port_int>};

<port_int> is a single port.

 

:<port_int> includes the specified port and

 

all lower numbered ports.

 

<port_int>: includes the specified port and

 

all higher numbered ports.

 

<port_int>:<port_int> includes the two

 

specified ports and all ports in between.

 

FortiGate IPS User Guide Version 3.0 MR7

30

01-30007-0080-20080916

Page 30
Image 30
Fortinet IPS manual TCP header keywords Keyword and Value Description