ack
The ack rule option is used to check that the TCP header acknowledgment number is less than, greater than, equal to, not equal to, less than or equal to, or greater than or equal to a specified integer value. This rule option can also check that the acknowledgment number falls within a range of numbers, using the <> range operator for an exclusive range check or the <=> operator for an inclusive one.
Format:
Single value comparison:
ack:[<|>|=|!|<=|>=]ack;
Range comparison:
ack:ack_min{<>|<=>}ack_max;
Examples:
# Look for an acknowledgment number of 0
ack:0;
# Look for an acknowledgment number between
# 0 and 1000 (inclusive)
ack:0<=>1000;
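
The following is an added example, not part of the Snort documentation and not Snort's own parser: a small Python model of the comparison semantics described above, applied to constructed TCP headers to show how the boundary values behave under <> versus <=>. The function names (parse_ack_option, tcp_ack_number, make_tcp_header) are hypothetical, and treating a value with no operator as an equality check is an assumption based on the ack:0; example.

```python
import re
import struct

# Operators from the Format section, mapped to comparisons.
SINGLE_OPS = {
    "<": lambda a, v: a < v,
    ">": lambda a, v: a > v,
    "=": lambda a, v: a == v,
    "!": lambda a, v: a != v,
    "<=": lambda a, v: a <= v,
    ">=": lambda a, v: a >= v,
}
RANGE_RE = re.compile(r"^(\d+)(<=>|<>)(\d+)$")
SINGLE_RE = re.compile(r"^(<=|>=|<|>|=|!)?(\d+)$")

def parse_ack_option(option):
    """Turn 'ack:<spec>;' into a predicate over an acknowledgment number."""
    body = option.strip()
    if not (body.startswith("ack:") and body.endswith(";")):
        raise ValueError("expected 'ack:<spec>;'")
    spec = body[4:-1].replace(" ", "")
    m = RANGE_RE.match(spec)
    if m:
        lo, op, hi = int(m.group(1)), m.group(2), int(m.group(3))
        if op == "<=>":                   # inclusive: the bounds themselves match
            return lambda a: lo <= a <= hi
        return lambda a: lo < a < hi      # exclusive: the bounds do not match
    m = SINGLE_RE.match(spec)
    if not m:
        raise ValueError("unrecognized ack spec: %r" % spec)
    # Assumption: no operator means an equality check, as in 'ack:0;'.
    op, value = m.group(1) or "=", int(m.group(2))
    return lambda a: SINGLE_OPS[op](a, value)

def tcp_ack_number(tcp_header):
    """Read the acknowledgment number: bytes 8..11 of the TCP header, big-endian."""
    return struct.unpack_from("!I", tcp_header, 8)[0]

def make_tcp_header(ack):
    """Constructed 20-byte TCP header (ports 1234->80, seq 1, ACK flag set)."""
    return struct.pack("!HHIIBBHHH", 1234, 80, 1, ack, 5 << 4, 0x10, 8192, 0, 0)

if __name__ == "__main__":
    for rule in ("ack:0;", "ack:0<=>1000;", "ack:0<>1000;", "ack:!0;"):
        check = parse_ack_option(rule)
        hits = [a for a in (0, 1, 1000, 1001) if check(tcp_ack_number(make_tcp_header(a)))]
        print(rule, "matches", hits)
```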