I can create a detection rule using headers, or a detection rule using content, so I want an entire packet (header + payload).
To put my question from a different angle:
- Can I get only the header (of the packet) or only the content (of the packet) when it is detected?
- Can a detection event trigger raw packet capture?