[Bro] Regarding signatures

Ayyappa Suryanarayana T ayyappa at tataelxsi.co.in
Fri Mar 9 05:11:47 PST 2007

Hi all,
Sorry, a small correction to my previous mail.

The signature that is to be matched is the following: 
signature gtalk_test { 
 event "gtalk test received" 
 payload /\x17\x03\x01/ 
}

I tried the following signature also 

signature gtalk_one { 
 event "gtalk one received" 
 payload /.{0,0}\x17/ 
 payload /.{1,1}\x03/ 
 payload /.{2,2}\x01/ 
}
