[Snort-users] byte_test?

Matt Olney molney at ...1935...
Sun Aug 2 11:26:04 EDT 2009


Reads 1 byte and does a bit-wise AND of that byte against 40.  The  
byte read is the second byte in the packet.  If the result of this  
operation is non-zero, then the byte_test is succesful and evaluation  
continues.

What this ends up meaning is that is either the fourth or sixth bit is  
set in the second byte if the packet, this rule option will be  
evaluated successfully.

Matt

Sent from my iPhone

On Jul 31, 2009, at 11:05 AM, DJ Adie <djadie80 at ...11827...> wrote:

> Hello,
>
> I am having trouble figuring out what "byte_test" is looking for  
> within a packet. Can someone explain it to me? For example:
>
> byte_test:1,&,40,2
>
>
> --- 
> --- 
> --- 
> ---------------------------------------------------------------------
> Let Crystal Reports handle the reporting - Free Crystal Reports 2008  
> 30-Day
> trial. Simplify your report design, integration and deployment - and  
> focus on
> what you do best, core application coding. Discover what's new with
> Crystal Reports now.  http://p.sf.net/sfu/bobj-july
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20090802/91e42593/attachment.html>


More information about the Snort-users mailing list