doc: add tcp-pkt/tcp-stream to intro

Signed-off-by: jason taylor <jtfas90@gmail.com>

diff --git a/doc/userguide/rules/intro.rst b/doc/userguide/rules/intro.rst
index 11ab0f890f8c01f792626457f80a60976f858e48..c3522d3572d5d4bfd027199f5d0e1ff4f5f90ffb 100644 (file)
--- a/doc/userguide/rules/intro.rst
+++ b/doc/userguide/rules/intro.rst
@@ -70,6 +70,11 @@ concerns. You can choose between four basic protocols:
 * icmp
 * ip (ip stands for 'all' or 'any')
 
+There are a couple of additional TCP related protocol options:
+
+* tcp-pkt (for matching content in individual tcp packets)
+* tcp-stream (for matching content only in a reassembled tcp stream)
+
 There are also a few so-called application layer protocols, or layer 7 protocols
 you can pick from. These are: