Index | Info | Analysis | Download | Rules
"""
port = 4000/tcp
initstring = "Hello",0x0a
request = "Random data here:"
endstring = "End of buffer"
options=read_first,read_after_initstring,read_after_request,random_data,random_alphanum
"""
A new rule doing the same thing would be:
"""
port = 4000/tcp
peer read
peer write: "Hello",0x0a
peer read
peer write: "Random data here:",%random:data(10000,alphanum)
peer read
options =
"""
18/06/06: Increased MAXSIZE to 65534.