Wireshark · Display Filter Reference: Snort Alerts

Display Filter Reference: Snort Alerts

Protocol field name: snort

Versions: 2.4.0 to 4.4.1

Field name	Description	Type	Versions
snort.alert.expert	Snort alert detected	Label	2.4.0 to 4.4.1
snort.class	Alert Classification	Character string	2.4.0 to 4.4.1
snort.content	Content	Character string	2.4.0 to 4.4.1
snort.content.not-matched	Failed to find content field of alert in frame	Label	2.4.0 to 4.4.1
snort.generator	Rule Generator	Unsigned integer (32 bits)	2.4.0 to 4.4.1
snort.global-stats	Global Stats	Character string	2.4.0 to 4.4.1
snort.global-stats.match-number	Match number	Unsigned integer (32 bits)	2.4.0 to 4.4.1
snort.global-stats.rule-count	Number of rules	Unsigned integer (32 bits)	2.4.0 to 4.4.1
snort.global-stats.rule-file-count	Number of rule files	Unsigned integer (32 bits)	2.4.0 to 4.4.1
snort.global-stats.rule.alerts-count	Number of alerts for this rule	Unsigned integer (32 bits)	3.4.0 to 4.4.1
snort.global-stats.rule.match-number	Match number for this rule	Unsigned integer (32 bits)	2.4.0 to 4.4.1
snort.global-stats.total-alerts	Number of alerts detected	Unsigned integer (32 bits)	2.4.0 to 4.4.1
snort.msg	Alert Message	Character string	2.4.0 to 4.4.1
snort.pcre	PCRE	Character string	2.4.0 to 4.4.1
snort.priority	Alert Priority	Unsigned integer (32 bits)	2.4.0 to 4.4.1
snort.protocol	Protocol	Character string	2.4.0 to 4.4.1
snort.raw-alert	Raw Alert	Character string	2.4.0 to 4.4.1
snort.reassembled_from	Segment where alert was triggered	Frame number	2.4.0 to 4.4.1
snort.reassembled_in	Reassembled frame where alert is shown	Frame number	2.4.0 to 4.4.1
snort.reference	Reference	Character string	2.4.0 to 4.4.1
snort.rev	Rule Revision	Unsigned integer (32 bits)	2.4.0 to 4.4.1
snort.rule	Rule	Character string	2.4.0 to 4.4.1
snort.rule-filename	Rule Filename	Character string	2.4.0 to 4.4.1
snort.rule-ip-var	IP variable	Label	2.4.0 to 4.4.1
snort.rule-line-number	Line number within rules file where rule was parsed from	Unsigned integer (32 bits)	2.4.0 to 4.4.1
snort.rule-port-var	Port variable used in rule	Label	2.4.0 to 4.4.1
snort.rule-string	Rule String	Character string	2.4.0 to 4.4.1
snort.sid	Rule SID	Unsigned integer (32 bits)	2.4.0 to 4.4.1
snort.uricontent	URI Content	Character string	2.4.0 to 4.4.1