7.1.5. Matching arbitrary data blocks



It is possible to match some extracted samples against a binary data blocks which may not safely be represented as a string.
For this, the patterns must be passed as a series of hexadecimal digits in an even number, when the match method is set to binary. Each sequence of two digits will represent a byte.

The hexadecimal digits may be used upper or lower case.

Example :

    # match "Hello\n" in the input stream (\x48 \x65 \x6c \x6c \x6f \x0a)
    acl hello payload(0,6) -m bin 48656c6c6f0a
Share Button

Leave a Reply