icmp_id

The icmp_id rule option is used to check that an ICMP ID value is less than, greater than, equal to, not equal to, less than or equal to, or greater than or equal to a specified integer value. This rule option can also check that ICMP ID value is between a range of numbers, using the <> range operator for an exclusive range check or the <=> for an inclusive one.

Format:

Single value comparison:
icmp_id:[<|>|=|!|<=|>=]icmp_id;
Range comparison:
icmp_id:icmp_id_min{<>|<=>}icmp_id_max;

Examples:

# Check for an ICMP ID value of 0 
icmp_id:0;