This modifier allows to specify a transport level protocol to which the signature will be applied:
.protocol=<MODE>;
where <MODE> can take following values:
-
icmp: ICMP protocol traffic analysis
-
udp: UDP protocol traffic analysis
-
tcp: TCP protocol traffic analysis
Note Only one protocol can be specified. If no protocol is specified, then the signature will be applied only to TCP and UDP traffic.