 | 1 | initial version |
I solved it myself. It works fine,if use [] as follows
ip.src == 203.141.241.0/24 && data.data matches"\xcc\xcc.{6,6}\x37\x11.*[\x24][\x02]"
or
ip.src == 203.141.241.0/24 && data.data matches"\xcc\xcc.{6,6}\x37\x11.*[\x24]\x02"
following will not work
ip.src == 203.141.241.0/24 && data.data matches"\xcc\xcc.{6,6}\x37\x11.*\x24[\x02]"
This may be a bug in the regular expression.