Snort mailing list archives
Re: problems with Rule using PCRE
From: "Nigel Houghton" <nhoughton () sourcefire com>
Date: Wed, 7 Jan 2009 16:17:13 -0500
On Wed, Jan 7, 2009 at 3:27 PM, Patrick Mullen <pmullen () sourcefire com> wrote:
Matt's description of using multiple byte_tests to test multiple bits is correct. For additional information, please see the old VRT blog at: http://www.snort.org/pub-bin/vrtnews.cgi There is a post named "Checking Multiple Bits in a Flag Field" two thirds of the way down that goes into this in great detail.
Right here: http://vrt-sourcefire.blogspot.com/2008/08/checking-multiple-bits-in-flag-field_29.html -- Nigel Houghton Head Mentalist SF VRT http://vrt-sourcefire.blogspot.com && http://www.snort.org/vrt/ ------------------------------------------------------------------------------ Check out the new SourceForge.net Marketplace. It is the best place to buy or sell services for just about anything Open Source. http://p.sf.net/sfu/Xq1LFB _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- problems with Rule using PCRE Document Retention (Jan 07)
- Re: problems with Rule using PCRE Bachelor, Stephen A CTR USSOCOM HQ (Jan 07)
- Message not available
- Re: problems with Rule using PCRE Document Retention (Jan 07)
- Message not available
- Re: problems with Rule using PCRE Bachelor, Stephen A CTR USSOCOM HQ (Jan 07)
- Re: problems with Rule using PCRE Matt Olney (Jan 07)
- Re: problems with Rule using PCRE Matt Olney (Jan 07)
- Re: problems with Rule using PCRE rmkml (Jan 07)
- Re: problems with Rule using PCRE Matt Olney (Jan 07)
- Re: problems with Rule using PCRE Patrick Mullen (Jan 07)
- Re: problems with Rule using PCRE Nigel Houghton (Jan 07)