Chapter 30 IDP

Table 152 ZyWALL - Snort Equivalent Terms (continued)

ZYWALL TERM                              SNORT EQUIVALENT TERM
---------------------------------------  ----------------------
Same IP                                  sameip
Transport Protocol
Transport Protocol: TCP
Port                                     (In Snort rule header)
Flow                                     flow
Flags                                    flags
Sequence Number                          seq
Ack Number                               ack
Window Size                              window
Transport Protocol: UDP                  (In Snort rule header)
Port                                     (In Snort rule header)
Transport Protocol: ICMP
Type                                     itype
Code                                     icode
ID                                       icmp_id
Sequence Number                          icmp_seq
Payload Options                          (Snort rule options)
Payload Size                             dsize
Offset (relative to start of payload)    offset
Relative to end of last match            distance
Content                                  content
Case-insensitive                         nocase
Decode as URI                            uricontent

Note: Not all Snort functionality is supported in the ZyWALL.

ZyWALL USG 50 User’s Guide