Re: Max. allowed bytes to extract

[Alex McDonnell <amcdonnell () sourcefire com>]

Hi YM,

a quick grep through the ruleset shows that those that byte_extract 10
bytes all use the "string" modifier. byte_extract of hex data is limited to
4 bytes.

On Tue, Mar 29, 2016 at 3:57 PM, Y M <snort () outlook com> wrote:

> Hello all,
>
>
> While trying to use the byte_extract, I received an error message
> "byte_extract rule option cannot extract more than 4 bytes.". Looking at
> some existing signatures, some of the have 10 bytes to extract. I was not
> able to infer this from the documentation. Any idea what is the maximum
> allowed number of bytes to extract?
>
>
> Thanks.
>
> YM
>
>
> ------------------------------------------------------------------------------
> Transform Data into Opportunity.
> Accelerate data analysis in your applications with
> Intel Data Analytics Acceleration Library.
> Click to learn more.
> http://pubads.g.doubleclick.net/gampad/clk?id=278785471&iu=/4140
> _______________________________________________
> Snort-sigs mailing list
> Snort-sigs () lists sourceforge net
> https://lists.sourceforge.net/lists/listinfo/snort-sigs
> http://www.snort.org
>
>
> Please visit http://blog.snort.org for the latest news about Snort!
------------------------------------------------------------------------------
Transform Data into Opportunity.
Accelerate data analysis in your applications with
Intel Data Analytics Acceleration Library.
Click to learn more.
http://pubads.g.doubleclick.net/gampad/clk?id=278785471&iu=/4140

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org


Please visit http://blog.snort.org for the latest news about Snort!