Protocol-specific Contexts for Situation elements

The protocol-specific Contexts are used to detect a particular characteristic in the network traffic.

For example, you can detect a certain option number used in IP packets, or set the maximum length for particular arguments in FTP commands.

For Contexts that take particular values (instead of a regular expression), the parameters you define in the Context often determine what is regarded as normal. This means that anything above, below, outside, or otherwise not matching these values is regarded as a match for the Situation. In some cases, you might define what the Situation does not match.
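The "parameters define normal, anything else matches" logic described above can be sketched as follows. This is an added illustration, not the product's Context syntax or inspection engine; the function names, the length limits, and the allowed option set are all hypothetical, and the sample packets are constructed.

```python
# Added illustration only: not the product's Context syntax or inspection engine.
# Every name and value below is hypothetical / constructed.
MAX_FTP_ARG_LEN = {"USER": 32, "PASS": 64, "CWD": 255}  # "normal" upper bounds
DEFAULT_FTP_ARG_LEN = 128
ALLOWED_IP_OPTIONS = {0, 1}  # option numbers regarded as normal (EOL, NOP)


def ftp_matches(line):
    """True when the command argument is longer than the configured maximum."""
    text = line.rstrip(b"\r\n").decode("latin-1")
    command, _, argument = text.partition(" ")
    limit = MAX_FTP_ARG_LEN.get(command.upper(), DEFAULT_FTP_ARG_LEN)
    return len(argument) > limit


def ip_option_numbers(header):
    """Return the option numbers in a raw IPv4 header, or None if malformed."""
    ihl = (header[0] & 0x0F) * 4 if header else 0
    if ihl < 20 or ihl > len(header):
        return None
    opts, i, found = header[20:ihl], 0, []
    while i < len(opts):
        kind = opts[i]
        found.append(kind & 0x1F)  # low five bits carry the option number
        if kind == 0:  # End of Option List: the rest is padding
            break
        if kind == 1:  # No Operation: single byte, no length field
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            return None
        i += opts[i + 1]
    return found


def ip_matches(header):
    """True when any option number falls outside the allowed set."""
    numbers = ip_option_numbers(header)
    if numbers is None:  # assumption: an unparseable header is not "normal"
        return True
    return any(n not in ALLOWED_IP_OPTIONS for n in numbers)


# Constructed samples: 24-byte headers (IHL = 6) with 4 bytes of options.
NOP_HEADER = bytes([0x46]) + bytes(19) + bytes([1, 1, 1, 0])
ROUTER_ALERT_HEADER = bytes([0x46]) + bytes(19) + bytes([0x94, 0x04, 0, 0])

if __name__ == "__main__":
    print(ftp_matches(b"USER alice\r\n"), ftp_matches(b"USER " + b"A" * 33))
    print(ip_matches(NOP_HEADER), ip_matches(ROUTER_ALERT_HEADER))
```

Note that the configured values describe acceptable traffic, so tightening a limit or shrinking the allowed set increases the number of matches.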

Effective modifications to the protocol-specific Contexts require you to be familiar with the protocols in question and how the traffic in your network uses those protocols.