Snort mailing list archives
snort rule byte_test operator problem
From: Jasmine Chua <babymagic_89 () yahoo com>
Date: Tue, 15 May 2007 09:57:32 -0700 (PDT)
Dear Snort users, I have been trying to figure out the snort rule option "byte_test". http://www.snort.org/docs/snort_htmanuals/htmanual_261/node203.html For instance, we have byte_test:4,>,128,relative; that will grab 4 bytes which happens to be "00 00 0F FF" So, in this case, how do I manually calculate to check if the above 4 bytes are actually > 128 or not? Problem is I do not know what does the value 128 represent? Is it in decimal? Sorry, if my question sounds stupid, I really can't help it. Thanks in advance, -JC ____________________________________________________________________________________ Moody friends. Drama queens. Your life? Nope! - their life, your story. Play Sims Stories at Yahoo! Games. http://sims.yahoo.com/ ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- snort rule byte_test operator problem Jasmine Chua (May 15)
- Re: snort rule byte_test operator problem Paul Schmehl (May 15)