[Snort-users] Hardcore -r question

John Sage jsage at ...2022...
Tue Jun 12 22:04:46 EDT 2001


Mark:

Awesome!

Of course!

I hadn't gotten to thinking it through that far. Knew there had to be a 
reason.

Just to fill in completely:

   111  =    0x6F
62319  =  0xF36F

Thnx..

- John

Mark Evans wrote:

> note that 111 in binary is          01101111
> and that 62319 in binary is 1111001101101111
> 
> so if you just look at the binary then they
> both match on the 2nd byte - the one that [3:1]
> looks at.
> 
> it would have matched a whole load of other
> packets that ended 01101111 if you had received 
> any.
> 
> as i understand it (ymmv)
> 
> cheers,






More information about the Snort-users mailing list