Friday, September 30, 2016

Snort local rule

You can write your own rule to test Snort, or to detect a specific pattern you want. A simple ICMP sample is shown below. A sid is needed in newer versions.

alert icmp any any -> any any (msg: "ICMP traffic"; sid:001;)
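
An added example, not part of the original post: a small Python check that every rule in a local rules file carries a sid, that the sid is unique, and that it falls in the range the Snort manual sets aside for local rules (1,000,000 and above). The sample rules and the function names are constructed for this illustration.

```python
import re

# Constructed sample local.rules content: the post's rule plus three variants.
SAMPLE_RULES = '''\
alert icmp any any -> any any (msg: "ICMP traffic"; sid:001;)
alert icmp any any -> any any (msg: "ICMP echo request"; itype:8; sid:1000001; rev:1;)
alert icmp any any -> any any (msg: "ICMP; no sid")
alert tcp any any -> any 22 (msg: "SSH connection"; flags:S; sid:1000001; rev:1;)
'''

LOCAL_SID_MIN = 1_000_000  # Snort manual: sids >= 1,000,000 are for local rules
RULE_RE = re.compile(r'^(\w+)\s+(\w+)\s+\S+\s+\S+\s+(->|<>)\s+\S+\s+\S+\s*\((.*)\)\s*$')

def split_options(body):
    """Split the option body on ';', ignoring ';' inside quoted strings."""
    opts, cur, quoted, prev = [], '', False, ''
    for ch in body:
        if ch == '"' and prev != '\\':
            quoted = not quoted
        if ch == ';' and not quoted:
            opts.append(cur.strip())
            cur = ''
        else:
            cur += ch
        prev = ch
    return [o for o in opts + [cur.strip()] if o]

def check_rules(text):
    """Return (line_number, problem) pairs for sid issues in single-line rules."""
    problems, seen = [], {}
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith('#'):
            continue  # skip blanks and comments
        m = RULE_RE.match(line)
        if not m:
            problems.append((n, 'not a single-line rule'))
            continue
        parts = (o.partition(':') for o in split_options(m.group(4)))
        opts = {k.strip(): v.strip() for k, _, v in parts}
        sid = opts.get('sid', '')
        if not sid.isdigit():
            problems.append((n, 'missing or non-numeric sid'))
            continue
        sid = int(sid)  # "001" is read as 1
        if sid < LOCAL_SID_MIN:
            problems.append((n, f'sid {sid} is below the local range'))
        if sid in seen:
            problems.append((n, f'sid {sid} already used on line {seen[sid]}'))
        seen.setdefault(sid, n)
    return problems
```

Calling `check_rules(SAMPLE_RULES)` reports the post's rule because its sid resolves to 1, the third rule for having no sid, and the fourth for reusing a sid.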
