We need to check the arrival times of two related packets, say packet1 and packet2: if packet2 arrives too late after packet1, we want an alert for it.
Is it possible to write a rule for this? I went through Suricata's docs and feel like it's possible to do so, but I could not figure out how to get the arrival timestamp of a packet in a Suricata rule.