[Bro] Signature framework questions, endianness and bitwise operations

Siwek, Jon jsiwek at illinois.edu
Thu Jul 24 08:16:56 PDT 2014


On Jul 24, 2014, at 8:49 AM, James Feister <openjaf at gmail.com> wrote:

> I think so, but it would mean I could match the first 4 bits but would then have to include all possible permutations for the next 4 bits with each of those desired first 4.
> 
> Had hoped I could just generate a mask to grab the first four bits 0x0F, and then match against those.

Yeah, the result isn’t always concise and you may want to code/script something to auto-generate character classes for a given mask/value, but that’s a way that’s worked for some signatures I’ve done.

- Jon
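
One way to script the character-class generation suggested above, as an added example that is not from the original thread or the Bro project. The function names are hypothetical, and it assumes the signature regex engine accepts `\xHH` escapes and ranges inside brackets.

```python
import re

def matching_bytes(mask, value):
    """Every byte b with (b & mask) == value."""
    if not (0 <= mask <= 0xFF and 0 <= value <= 0xFF):
        raise ValueError("mask and value must each fit in one byte")
    if value & ~mask:
        raise ValueError("value has bits set outside the mask; nothing can match")
    return [b for b in range(256) if b & mask == value]

def collapse(values):
    """Merge a sorted list of bytes into inclusive [lo, hi] runs."""
    runs = []
    for b in values:
        if runs and b == runs[-1][1] + 1:
            runs[-1][1] = b
        else:
            runs.append([b, b])
    return runs

def char_class(mask, value):
    """Regex character class that matches one byte under the mask/value test."""
    parts = []
    for lo, hi in collapse(matching_bytes(mask, value)):
        parts.append("\\x%02x" % lo if lo == hi else "\\x%02x-\\x%02x" % (lo, hi))
    return "[" + "".join(parts) + "]"

def verify(mask, value):
    """Check the generated class against all 256 bytes using Python's re."""
    pattern = re.compile(char_class(mask, value).encode("ascii"), re.DOTALL)
    return all(
        bool(pattern.fullmatch(bytes([b]))) == (b & mask == value)
        for b in range(256)
    )

if __name__ == "__main__":
    # Constructed sample masks: high nibble fixed, then low nibble fixed.
    for mask, value in [(0xF0, 0x40), (0x0F, 0x05)]:
        print("mask=0x%02x value=0x%02x -> %s" % (mask, value, char_class(mask, value)))
        assert verify(mask, value)
```

Fixing the high bits collapses to a single range, while fixing the low bits yields one entry per possible high nibble, which is the non-concise case mentioned above.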