dsize

The dsize rule option is used to test a packet's payload size. This option can be specified to look for a packet size that is less than, greater than, equal to, not equal to, less than or equal to, or greater than or equal to a specified integer value. This rule option can also be used to check that a payload size is between a range of numbers, using the <> range operator for an exclusive range check or the <=> for an inclusive one.

The valid dsize number range is 0-65535.

Format:

Single value comparison:

dsize:[<|>|=|!|<=|>=]size;

Range comparison:

dsize:min_size{<>|<=>}max_size;

Examples:

dsize:300<>400;

dsize:>10000;

dsize:<10;