Cisco Cisco Firepower Management Center 2000

Define how the system views string data in a packet by using one of the arguments in the following table.

For example, if the values you set for 

byte_jump

 are as follows:

Bytes = 4

Offset = 12 

Relative enabled

Align enabled

the rules engine calculates the number described in the four bytes that appear 13 bytes after the last 
successful content match, and skips ahead that number of bytes in the packet. For instance, if the four 
calculated bytes in a specific packet were 

00 00 00 1F

, the rules engine would convert this to 31. Because 

align

 is specified (which instructs the engine to move to the next 32-bit boundary), the rules engine 

skips ahead 32 bytes in the packet.

Alternately, if the values you set for 

byte_jump

 are as follows:

Bytes = 4

Offset = 12 

From Beginning enabled

Multiplier = 2

Big Endian

Processes data in big endian byte order, which is the default network byte 
order.

Little Endian

Processes data in little endian byte order.

DCE/RPC

Specifies a 

byte_jump

 keyword for traffic processed by the DCE/RPC 

preprocessor. See 

 for more 

information.

The DCE/RPC preprocessor determines big endian or little endian byte order, 
and the 

, 

, and 

 arguments do not apply.

When you enable this argument, you can also use 

byte_jump

 in conjunction 

with other specific DCE/RPC keywords. See 

 for more information.

The DCE/RPC preprocessor must be enabled to allow processing of rules that 
include this option. When the DCE/RPC preprocessor is disabled and you 
enable rules that use this option, you are prompted whether to enable the 
preprocessor when you save the policy. See 

.

Hexadecimal String

Represents converted string data in hexadecimal format.

Decimal String

Represents converted string data in decimal format.

Octal String

Represents converted string data in octal format.