Custom signatures Creating custom signatures
FortiGate IPS User Guide Version 3.0 MR7
01-30007-0080-20080916 25
Table 4: Content keywords
Keyword and value Description
--byte_jump
<bytes_to_convert>,
<offset>[, relative]
[, big] [, little]
[, string] [, hex]
[, dec] [, oct]
[, align];
Use the byte_jump option to extract a number of
bytes from a packet, convert them to their numeric
representation, and jump the match reference up that
many bytes (for further pattern matching or byte
testing). This keyword allows relative pattern matches
to take into account numerical values found in network
data.
The available keyword options include:
• <bytes_to_convert>: The number of bytes to
examine from the packet.
• <offset>: The number of bytes into the payload to
start processing.
• relative: Use an offset relative to last pattern
match.
• big: Process the data as big endian (default).
• little: Process the data as little endian.
• string: The data is a string in the packet.
• hex: The converted string data is represented in
hexadecimal notation.
• dec: The converted string data is represented in
decimal notation.
• oct: The converted string data is represented in
octal notation.
• align: Round up the number of converted bytes to
the next 32-bit boundary.
To Next Page
Loading...