| KFSensor |
| About |
| Overview |
| Screen shots |
| Features |
| Enterprise edition |
| Compare editions |
Download trial  |
| Buy KFSensor |
| News |
| Manual |
| Knowledge Base |
| Links |
| Extras |
Factsheet (.pdf)  |
Edit Bytes Signature
Use the Edit Signature dialog box to add or change a bytes signature definition.
The other signature types are handled by the Edit Signature dialog box.
A bytes signature is used to match data in more complex ways than a string match.
The Signatures section of the KFSensor Concepts section of the manual describes how signatures are matched in more detail.
Fields
- Value
The number in decimal format that the data should be matched against - Value Type
The type controls how the data should be converted before it is matched against the valueType Notes Big endian binary number The bytes are converted into a number from big endian format. This is the most common binary representation found in network protocols. Little endian binary number The bytes are converted into a number from little endian format. This is the most common binary representation found in Windows protocols. Decimal string The bytes are converted from a decimal text string into a number. Hex string The bytes are converted from a hex text string into a number. Octal string The bytes are converted from a octal text string into a number. - Operator
A set of operators which control how the data and the value should be compared. - Bytes
The number of bytes to be matched. For example 4 would be used for a 32 bit number. - Offset
The byte offset into the data where the data should be matched. - Is Relative
If selected then the offset is relative to the end of the last signatures match instead of from the start of the data.
Buttons
- Validate
This button checks whether the signature is valid.