Without some further detail of what it is you're trying to write a signature for, I don't think anyone can answer your question, per se.
I can't think of any signature engine that alarms based on total number of bytes within a given transport protocol (or even ICMP, just in case you're looking at that) by itself.
I know you can use a byte mask to indicate where your signature will actually start working (for example, TCP Stream signature where you look for a particular regular expression after 400 bytes of data have been seen), but the number of bytes itself won't set off an alarm.
Of course, I'm not including DoS scenarios like Ping of Death and Teardrop where specific signatures have already been provided, but I'm just saying this for completeness...
Care to expand on your intent?
Alex Arndt