IDS - Snort - Snort Rule Format
- Snort Rule Header
- Sample Rule

IDS - Snort - Snort Rule Format

Snort Rule Header

Action

Protocol

Source Address

Source Port

Direction

Destination Address

Destination Port

NOTE:

Action:
- alert: Display an alert.
- log: Write to Log.
- pass: Pass.
Direction:
- →: Inwards.
- ←: Outwards.
- <>: Either direction.

Sample Rule

alert tcp any any -> any any(msg: "Testing Alert" ; sid:1000001)

alert tcp any 21 -> 192.168.1.123 any (msg: "TCP Packet on Port 21 is Detected";sid:100010)

log tcp !192.168.0/24 any -> 192.168.0.33 (msg: "Remote access" ; )

log tcp any any -> 192.168.1.0/24 !6000:6010

NOTE: This is comprised of the:

Rule Header:
Rule Option:

Table of Contents

IDS - Snort - Snort Rule Format

Snort Rule Header

Sample Rule