[Snort-users] snort rule byte_test operator problem

Jasmine Chua babymagic_89 at ...131...
Tue May 15 12:57:32 EDT 2007


Dear Snort users,

I have been trying to figure out the snort rule option
"byte_test".  
http://www.snort.org/docs/snort_htmanuals/htmanual_261/node203.html

For instance, we have 

byte_test:4,>,128,relative;

that will grab 4 bytes which happens to be "00 00 0F
FF" 

So, in this case, how do I manually calculate to check
if the above 4 bytes are actually > 128 or not? 
Problem is I do not know what does the value 128
represent? Is it in decimal?

Sorry, if my question sounds stupid, I really can't
help it.

Thanks in advance,
-JC 






       
____________________________________________________________________________________
Moody friends. Drama queens. Your life? Nope! - their life, your story. Play Sims Stories at Yahoo! Games.
http://sims.yahoo.com/  




More information about the Snort-users mailing list