Chapter 29 IDP
The rule header contains the rule's:
• Action
• Protocol
• Source and destination IP addresses and netmasks
• Source and destination port information
The rule option section contains alert messages and information on which parts of the packet should be inspected to determine if the rule action should be taken.
The following table lists ZyWALL terms and their Snort equivalents.
Table 163 ZyWALL - Snort Equivalent Terms
| ZYWALL TERM | SNORT EQUIVALENT TERM |
| --- | --- |
| Type Of Service | tos |
| Identification | id |
| Fragmentation | fragbits |
| Fragmentation Offset | fragoffset |
| Time to Live | ttl |
| IP Options | ipopts |
| Same IP | sameip |
| Transport Protocol | |
| Transport Protocol: TCP | |
| Port | (In Snort rule header) |
| Flow | flow |
| Flags | flags |
| Sequence Number | seq |
| Ack Number | ack |
| Window Size | window |
| Transport Protocol: UDP | (In Snort rule header) |
| Port | (In Snort rule header) |
| Transport Protocol: ICMP | |
| Type | itype |
| Code | icode |
| ID | icmp_id |
| Sequence Number | icmp_seq |
| Payload Options | (Snort rule options) |
| Payload Size | dsize |
| Offset (relative to start of payload) | offset |
| Relative to end of last match | distance |
| Content | content |
| nocase | |
| Decode as URI | uricontent |
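The following Python example is added here for illustration and is not part of the ZyWALL guide or of Snort. It splits a Snort rule into the header fields and option section described above, then labels each option keyword with the ZyWALL term from Table 163. The function names and the sample rule are constructed for this example.

```python
import re

# Snort option keyword -> ZyWALL term, copied from Table 163.
SNORT_TO_ZYWALL = {
    "tos": "Type Of Service", "id": "Identification", "fragbits": "Fragmentation",
    "fragoffset": "Fragmentation Offset", "ttl": "Time to Live",
    "ipopts": "IP Options", "sameip": "Same IP", "flow": "Flow", "flags": "Flags",
    "seq": "Sequence Number", "ack": "Ack Number", "window": "Window Size",
    "itype": "Type", "icode": "Code", "icmp_id": "ID", "icmp_seq": "Sequence Number",
    "dsize": "Payload Size", "offset": "Offset (relative to start of payload)",
    "distance": "Relative to end of last match", "content": "Content",
    "uricontent": "Decode as URI",
}
HEADER_FIELDS = "action protocol src_ip src_port direction dst_ip dst_port".split()

def split_options(body):
    """Split the option section on ';', ignoring ';' inside quoted strings."""
    opts, buf, quoted, prev = [], "", False, ""
    for ch in body:
        if ch == '"' and prev != "\\":   # an escaped quote does not toggle state
            quoted = not quoted
        if ch == ";" and not quoted:
            opts.append(buf.strip())
            buf = ""
        else:
            buf += ch
        prev = ch
    opts.append(buf.strip())
    return [o for o in opts if o]

def parse_rule(rule):
    """Return (header dict, [(keyword, value, ZyWALL term or None), ...])."""
    m = re.match(r"\s*([^(]+?)\s*\((.*)\)\s*$", rule, re.S)
    if not m:
        raise ValueError("expected: header (options)")
    parts = m.group(1).split()
    if len(parts) != len(HEADER_FIELDS):
        raise ValueError("header needs action, protocol, addresses and ports")
    options = []
    for opt in split_options(m.group(2)):
        key, _, value = opt.partition(":")
        options.append((key.strip(), value.strip(), SNORT_TO_ZYWALL.get(key.strip())))
    return dict(zip(HEADER_FIELDS, parts)), options

# Constructed sample rule (not from the guide); msg contains an escaped ';'.
SAMPLE = (r'alert tcp any any -> 192.168.1.0/24 80 (msg:"Constructed\; sample"; '
          r'flow:to_server,established; content:"/admin"; offset:0; dsize:>10; sid:1000001;)')

if __name__ == "__main__":
    for key, value, field in parse_rule(SAMPLE)[1]:
        print(f"{key:8} {value:28} -> {field or '(not in Table 163)'}")
```

Keywords that Table 163 does not list, such as `msg` and `sid` in the sample, come back with `None` as the ZyWALL term.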
ZyWALL USG 100/200 Series User’s Guide