Chapter 14. Snort Rules—Part II

The previous chapter introduced Snort in general and Snort rules in particular. As you will recall, a Snort rule is composed of a rule header, which was examined in detail in the previous chapter, and a rule option, which this chapter covers thoroughly.

The rule header supplies the action that will be applied if the rule is triggered. It details the source and destination IP addresses and ports, the protocol, and the direction of the traffic flow. The rule header can be used alone to form a rule, but it is usually followed by a rule option to provide more detail about the packet attributes. Ironically, ...
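The header and option split described above can be made concrete with a small parser. This is an added example, not code from the book: the field names, the sample rules, and the assumption that address lists contain no spaces are all constructed for illustration.

```python
# Added example: field names and sample rules are constructed for illustration.
ACTIONS = {"alert", "log", "pass", "activate", "dynamic"}
PROTOCOLS = {"tcp", "udp", "icmp", "ip"}
DIRECTIONS = {"->", "<>"}
HEADER_FIELDS = ("action", "protocol", "src_ip", "src_port",
                 "direction", "dst_ip", "dst_port")

def split_options(body):
    """Split the option body on ';', ignoring ';' inside quoted strings."""
    options, current, in_quotes, escaped = [], "", False, False
    for ch in body:
        if ch == ";" and not in_quotes:
            options.append(current.strip())
            current, escaped = "", False
            continue
        if ch == '"' and not escaped:
            in_quotes = not in_quotes
        escaped = (ch == "\\" and not escaped)
        current += ch
    if in_quotes:
        raise ValueError("unterminated quoted string in options")
    options.append(current.strip())
    return [o for o in options if o]

def parse_rule(rule):
    """Return the seven header fields plus a list of (keyword, value) options."""
    head, paren, rest = rule.strip().partition("(")
    fields = head.split()  # assumes no spaces inside address or port lists
    if len(fields) != len(HEADER_FIELDS):
        raise ValueError(f"header needs 7 fields, got {len(fields)}")
    parsed = dict(zip(HEADER_FIELDS, fields))
    if parsed["action"] not in ACTIONS:
        raise ValueError(f"unknown action {parsed['action']!r}")
    if parsed["protocol"] not in PROTOCOLS:
        raise ValueError(f"unknown protocol {parsed['protocol']!r}")
    if parsed["direction"] not in DIRECTIONS:
        raise ValueError(f"bad direction {parsed['direction']!r}")
    parsed["options"] = []
    if paren:  # a header-only rule has no "(" and keeps an empty option list
        if not rest.endswith(")"):
            raise ValueError("option section is not closed with ')'")
        for option in split_options(rest[:-1]):
            keyword, _, value = option.partition(":")
            parsed["options"].append((keyword.strip(), value.strip()))
    return parsed

# Constructed sample rules (not taken from the book).
FULL_RULE = ('alert tcp $EXTERNAL_NET any -> $HOME_NET 21 '
             '(msg:"FTP login; root attempt"; content:"USER root"; nocase;)')
HEADER_ONLY = "log udp any any -> 192.168.1.0/24 53"
```

`parse_rule(HEADER_ONLY)` returns an empty option list, matching the point that a header can form a rule on its own, while the semicolon inside the quoted `msg` string of `FULL_RULE` stays part of that one option.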