Content keywords
byte_jump
Syntax: --byte_jump <bytes_to_convert>, <offset>[, multiplier][, relative] [, big] [, little] [, string] [, hex] [, dec] [, oct] [, align];
Description:
Use the byte_jump option to extract a number of bytes from a packet, convert them to their numeric representation, and jump the match reference up that many bytes (for further pattern matching or byte testing). This keyword allows relative pattern matches to take into account numerical values found in network data.
The available keyword options include:
• <bytes_to_convert>: The number of bytes to examine from the packet.
• <offset>: The number of bytes into the payload to start processing.
• [multiplier]: multiplier is optional. It must be a numerical value when present. The converted value multiplied by the number is the result to be skipped.
• relative: Use an offset relative to last pattern match.
• big: Process the data as big endian (default).
• little: Process the data as little endian.string: The data is a string in the packet.
• hex: The converted string data is represented in hexadecimal notation.
• dec: The converted string data is represented in decimal notation.
• oct: The converted string data is represented in octal notation.
• align: Round up the number of converted bytes to the next 32-bit boundary.