Creating Custom Signatures
Payload Test
The Payload Test type of matching allows Enterasys IPS to specify a set of bytes within packet data
and then run various arithmetic tests against the values those bytes represent. This is a powerful
feature since such operations can be difficult to duplicate within PCRE (or other) tests.
The following example illustrates using the Payload Test type to test whether the byte at offset 6
from the previous match (which could be a PCRE, Extended Pattern, Payload Jump, or another
Payload Test element) AND'ed with the value "128" does not return true:
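The logic of that test, written out in Python as an added example (it is not Enterasys signature syntax and is not taken from the manual); it also covers multi-byte values and other comparison operators. Assumptions: the offset is zero-based and counted from the end of the previous match, a regex stands in for the previous match, bytes that fall outside the packet count as no match, and the names `payload_test` and `match_signature` are hypothetical.

```python
import operator
import re

# Operator names are assumptions made for this example, not product keywords.
OPS = {"and": operator.and_, "eq": operator.eq,
       "gt": operator.gt, "lt": operator.lt}


def payload_test(payload, anchor, offset, op, value,
                 nbytes=1, negate=False, big_endian=True):
    """Run one arithmetic test on the bytes at anchor + offset.

    Returns False when the bytes are not present in the payload, even for
    a negated test, so a truncated packet can never satisfy the signature.
    """
    start = anchor + offset
    end = start + nbytes
    if start < 0 or end > len(payload):
        return False
    number = int.from_bytes(payload[start:end],
                            "big" if big_endian else "little")
    result = bool(OPS[op](number, value))
    return result != negate


def match_signature(payload, pattern):
    """Previous match, then: byte at offset 6 AND 128 does not return true."""
    previous = re.search(pattern, payload)
    if previous is None:
        return False  # nothing to anchor the payload test to
    return payload_test(payload, previous.end(), 6, "and", 128, negate=True)


# Constructed sample payloads: a 3-byte marker, six filler bytes, one flag byte.
HIGH_BIT_CLEAR = b"HDR\x00\x01\x02\x03\x04\x05\x7f"   # 0x7f & 128 == 0
HIGH_BIT_SET = b"HDR\x00\x01\x02\x03\x04\x05\x80"     # 0x80 & 128 == 128
TRUNCATED = b"HDR\x00\x01"                            # flag byte missing

if __name__ == "__main__":
    for name, data in [("clear", HIGH_BIT_CLEAR), ("set", HIGH_BIT_SET),
                       ("truncated", TRUNCATED)]:
        print(name, match_signature(data, rb"HDR"))
```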
3-26 Creating Network Sensor Signatures