feature request: ragrep
Carter Bullard
carter at qosient.com
Mon Jun 16 12:37:54 EDT 2008
Hey CS Lee,
So can't you specify this using regular expression anchors and
repetition? So you want to find "root" anywhere after 11 characters
from the front of the user data.
-e "^.{11}.*root"
The '^' anchors the search at the start of the string. the ".{11}"
requires
that there be 11 characters of something, and then anywhere after that,
the regular expression will match 'root'.
Does that do it?
Carter
On Jun 15, 2008, at 11:05 AM, CS Lee wrote:
> hi carter,
>
> I'm making a request about ragrep to add the search range offset.
> For example the matching only apply to first 10 bytes in user data,
> or between 25-30 bytes in user data. With the range specification it
> can reduce false positive to filter desired flows.
>
> Thanks.
>
> --
> Best Regards,
>
> CS Lee<geek00L[at]gmail.com>
>
> http://geek00l.blogspot.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20080616/955cf6f5/attachment.html>
More information about the argus
mailing list