Snort mailing list archives
Re: byte_test?
From: Matt Olney <molney () sourcefire com>
Date: Sun, 2 Aug 2009 08:26:04 -0700
Reads 1 byte and does a bit-wise AND of that byte against 40. The byte read is the second byte in the packet. If the result of this operation is non-zero, then the byte_test is successful and evaluation continues.
What this ends up meaning is that if either the fourth or sixth bit is set in the second byte of the packet, this rule option will be evaluated successfully.
Matt
Sent from my iPhone
On Jul 31, 2009, at 11:05 AM, DJ Adie <djadie80 () gmail com> wrote:
Hello,

I am having trouble figuring out what "byte_test" is looking for within a packet. Can someone explain it to me? For example:

byte_test:1,&,40,2

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
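An added example (not part of either post and not Snort's own code) that evaluates the option from the question, `byte_test:1,&,40,2`, against a few constructed payloads. It assumes a non-relative option, so the offset is counted from zero at the start of the payload, and all function names are hypothetical.

```python
import operator

# Operators covered by this sketch; "&" succeeds when the AND is non-zero.
_OPS = {
    "<": operator.lt,
    ">": operator.gt,
    "=": operator.eq,
    "&": lambda extracted, value: (extracted & value) != 0,
}


def parse_byte_test(option):
    """Split 'byte_test:1,&,40,2' into (nbytes, negate, op, value, offset)."""
    name, _, args = option.strip().rstrip(";").partition(":")
    fields = [f.strip() for f in args.split(",")]
    if name.strip() != "byte_test" or len(fields) != 4:
        raise ValueError("expected byte_test:<bytes>,<op>,<value>,<offset>")
    nbytes, op, value, offset = fields
    negate = len(op) > 1 and op.startswith("!")
    op = op[1:] if negate else op
    if op not in _OPS or int(nbytes) < 1 or int(offset) < 0:
        raise ValueError("unsupported byte_test arguments for this sketch")
    # int(value, 0): decimal unless written with a 0x prefix, so 40 is 0x28.
    return int(nbytes), negate, op, int(value, 0), int(offset)


def byte_test(option, payload):
    """Evaluate one non-relative byte_test against a payload (bytes)."""
    nbytes, negate, op, value, offset = parse_byte_test(option)
    chunk = payload[offset:offset + nbytes]
    if len(chunk) < nbytes:  # payload ends before the tested bytes: no match
        return False
    extracted = int.from_bytes(chunk, "big")  # big-endian is the default
    return _OPS[op](extracted, value) != negate


def bits_set(mask):
    """Zero-based positions of set bits, bit 0 being the least significant."""
    return [i for i in range(mask.bit_length()) if (mask >> i) & 1]


# Constructed sample payloads (hex), not taken from real traffic.
SAMPLES = ["000008", "000020", "ffff17", "0028"]

if __name__ == "__main__":
    print("mask 40 =", bin(40), "bits", bits_set(40))
    for hexdata in SAMPLES:
        hit = byte_test("byte_test:1,&,40,2", bytes.fromhex(hexdata))
        print(hexdata, "->", "match" if hit else "no match")
```

The last sample is shorter than the offset requires, so the test cannot read a byte there and does not match.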
Current thread:
- byte_test? DJ Adie (Jul 31)
- Re: byte_test? Matt Olney (Aug 02)