Pattern rule
Tests for the presence of a particular character string (hexadecimal or ASCII) in each packet. Can be constrained to search within a specified location for greater efficiency.
Figure 9-9. Pattern rule
The options for a Pattern rule are described below:
- Pattern Type: Specify the pattern inputed is Text or Hexadecimal.
- Text Encoding: Specify the text encoding.
- Case Sensitive: Specify whether to ignore case or not during searching.
- Pattern: Enter the pattern you want to match.
Note: You must enter hex data as pairs of characters separated by spaces 鈥?for example, 09 56 EA 9B. The pattern with “Text type” is somewhat complex; it can contain mixed text and binary data. The binary data is generally enclosed within the pipe (|) character and represendted as bytecode.
- Match Starting From: Use the drop-down list to choose whether you want AthTek NetWalk to get the value starting at the beginning of the packet, the beginning of the IP layer, or the beginning of the application layer. Alternatively, you can have AthTek NetWalk get the value at a specific Offset (in bytes) from the starting point that you choose from the drop-down list.
- Start Offset: Enter the amount of the start offset.
- End Offset: Enter the amount of the end offset. If the end offset is not enabled, AthTek NetWalk will search until reach the end of the packet.
Tip: To constrain the offset within a smaller location, you can get greater efficiency.