dsize
The dsize
rule option is used to test a packet's payload size. This option can be specified to look for a packet size that is less than, greater than, equal to, not equal to, less than or equal to, or greater than or equal to a specified integer value. This rule option can also be used to check that a payload size is between a range of numbers, using the <>
range operator for an exclusive range check or the <=>
for an inclusive one.
The valid dsize
number range is 0-65535.
Format:
Single value comparison:
dsize:[<|>|=|!|<=|>=]size;
Range comparison:
dsize:min_size{<>|<=>}max_size;
Examples:
dsize:300<>400;
dsize:>10000;
dsize:<10;