[Snort-users] snort rule byte_test operator problem

Jasmine Chua babymagic_89 at ...131...
Tue May 15 12:57:32 EDT 2007

Dear Snort users,

I have been trying to figure out the snort rule option

For instance, we have 


that will grab 4 bytes which happens to be "00 00 0F

So, in this case, how do I manually calculate to check
if the above 4 bytes are actually > 128 or not? 
Problem is I do not know what does the value 128
represent? Is it in decimal?

Sorry, if my question sounds stupid, I really can't
help it.

Thanks in advance,

Moody friends. Drama queens. Your life? Nope! - their life, your story. Play Sims Stories at Yahoo! Games.

More information about the Snort-users mailing list