Structure of TCP/IP Protocol Rules

Both types of TCP/IP protocol rules share the same basic structure. The Identify section contains attributes specific to the rule type. The Conditions section contains additional conditions that can be specified to avoid "detecting" protocols where they should not be detected (in cases where server responses coincidentally resemble protocols).
<TcpRuleRecvProto>
  <Name>Sample TCP RecvProto Rule</Name>
  <Active>true</Active>
  <Identify>
    …
  </Identify>
  <Conditions>
    …
  </Conditions>
</TcpRuleRecvProto>

<TcpRuleRecvUntil>
  <Name>Sample TCP RecvUntil Rule</Name>
  <Active>true</Active>
  <Identify>
    …
  </Identify>
  <Conditions>
    …
  </Conditions>
</TcpRuleRecvUntil>