Table 163 ZyWALL - Snort Equivalent Terms – ZyXEL Communications 200 Series User Manual

Page 510


Chapter 29 IDP

ZyWALL USG 100/200 Series User’s Guide


The rule header contains the rule's:

• Action
• Protocol
• Source and destination IP addresses and netmasks
• Source and destination port information

The rule option section contains alert messages and information on which parts of the packet
should be inspected to determine if the rule action should be taken.

The following table lists ZyWALL terms and their equivalent Snort terms.

Table 163 ZyWALL - Snort Equivalent Terms

| ZYWALL TERM | SNORT EQUIVALENT TERM |
|---|---|
| Type Of Service | tos |
| Identification | id |
| Fragmentation | fragbits |
| Fragmentation Offset | fragoffset |
| Time to Live | ttl |
| IP Options | ipopts |
| Same IP | sameip |
| Transport Protocol | |
| Transport Protocol: TCP | |
| Port | (In Snort rule header) |
| Flow | flow |
| Flags | flags |
| Sequence Number | seq |
| Ack Number | ack |
| Window Size | window |
| Transport Protocol: UDP | (In Snort rule header) |
| Port | (In Snort rule header) |
| Transport Protocol: ICMP | |
| Type | itype |
| Code | icode |
| ID | icmp_id |
| Sequence Number | icmp_seq |
| Payload Options | (Snort rule options) |
| Payload Size | dsize |
| Offset (relative to start of payload) | offset |
| Relative to end of last match | distance |
| Content | content |
| Case-insensitive | nocase |
| Decode as URI | uricontent |
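Added example (not from the ZyXEL manual): Python code that splits a Snort rule into the header fields and rule options described above, then names each option by its ZyWALL term from Table 163, which helps when re-entering a Snort rule as a ZyWALL custom signature. The function names, the sample rule and its 192.0.2.10 address are constructed for illustration, and a standard seven-field Snort header is assumed.

```python
import re

# Snort option keyword -> ZyWALL term, as listed in Table 163.
SNORT_TO_ZYWALL = {
    "tos": "Type Of Service", "id": "Identification", "fragbits": "Fragmentation",
    "fragoffset": "Fragmentation Offset", "ttl": "Time to Live", "ipopts": "IP Options",
    "sameip": "Same IP", "flow": "Flow", "flags": "Flags", "seq": "Sequence Number",
    "ack": "Ack Number", "window": "Window Size", "itype": "Type", "icode": "Code",
    "icmp_id": "ID", "icmp_seq": "Sequence Number", "dsize": "Payload Size",
    "offset": "Offset (relative to start of payload)",
    "distance": "Relative to end of last match", "content": "Content",
    "nocase": "Case-insensitive", "uricontent": "Decode as URI",
}
HEADER_FIELDS = ("action", "protocol", "src_ip", "src_port",
                 "direction", "dst_ip", "dst_port")

def parse_rule(rule):
    """Split a Snort rule into a header dict and an ordered list of (keyword, value)."""
    m = re.match(r"\s*([^(]+)\((.*)\)\s*$", rule, re.S)
    if not m:
        raise ValueError("rule needs a header followed by (options)")
    parts = m.group(1).split()
    if len(parts) != len(HEADER_FIELDS):
        raise ValueError("header needs 7 fields, got %d" % len(parts))
    options = []
    # Split on ';' only outside double quotes, so content such as "a;b" stays intact.
    for opt in re.findall(r'(?:[^;"\\]|\\.|"(?:[^"\\]|\\.)*")+', m.group(2)):
        key, _, value = opt.strip().partition(":")
        if key.strip():
            options.append((key.strip(), value.strip()))
    return dict(zip(HEADER_FIELDS, parts)), options

def to_zywall(rule):
    """Return (header, mapped, unmapped); mapped holds (ZyWALL term, keyword, value)."""
    header, options = parse_rule(rule)
    mapped = [(SNORT_TO_ZYWALL[k], k, v) for k, v in options if k in SNORT_TO_ZYWALL]
    unmapped = [k for k, _ in options if k not in SNORT_TO_ZYWALL]
    return header, mapped, unmapped

# Constructed sample rule (not from the manual).
SAMPLE = ('alert tcp any any -> 192.0.2.10 80 (msg:"constructed; sample"; '
          'flow:to_server,established; content:"/admin"; nocase; offset:0; sid:1000001;)')

if __name__ == "__main__":
    header, mapped, unmapped = to_zywall(SAMPLE)
    print(header, *mapped, "not in Table 163: %s" % unmapped, sep="\n")
```

Keywords reported as unmapped (here `msg` and `sid`) are ones Table 163 does not list, so they need a manual decision rather than a direct field entry.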
