Revision history [back]

this filter can detect following packet. ip.src == 203.141.241.0/24 && data.data matches"\xcc\xcc.{6,6}\x37\x11" but this filter cannot detect. ip.src == 203.141.241.0/24 && data.data matches"\xcc\xcc.{6,6}\x37\x11.*\x24\x02" packet containing \x24\x02 in line 0x02a0. anyone knows reason?

No. Time Source Destination Protocol Length Info 12465 2023-12-06 18:23:41.411340 203.141.241.23 192.168.1.4 TCP 872 54632 → 49181 [PSH, ACK] Seq=86956 Ack=4631 Win=507 Len=818

Frame 12465: 872 bytes on wire (6976 bits), 872 bytes captured (6976 bits) on interface \Device\NPF_{92F34A3C-A9F7-49AC-9AFB-65AD6643BC83}, id 0 Ethernet II, Src: NECPlatforms_d5:52:36 (00:0d:02:d5:52:36), Dst: VMware_e5:42:ec (00:0c:29:e5:42:ec) Internet Protocol Version 4, Src: 203.141.241.23, Dst: 192.168.1.4 Transmission Control Protocol, Src Port: 54632, Dst Port: 49181, Seq: 86956, Ack: 4631, Len: 818 Data (818 bytes)

0000 09 00 00 00 00 00 00 ff ff 20 75 38 00 57 c0 43 ......... u8.W.C 0010 00 00 00 00 00 41 08 00 00 00 00 00 00 ff ff 20 .....A......... 0020 75 38 00 e4 c0 43 00 00 00 00 00 41 08 00 00 00 u8...C.....A.... 0030 00 00 00 ff ff b3 3b fd 00 4e 36 3e 00 00 00 00 ......;..N6>.... 0040 00 c1 01 00 00 00 00 00 00 ff ff b3 3b fd 00 87 ............;... 0050 e6 4b 00 00 00 00 00 41 09 00 00 00 00 00 00 ff .K.....A........ 0060 ff 10 00 2a 12 00 00 63 1a 3c 18 3f 00 64 00 ff ......c.<.?.d.. 0070 ff 12 00 97 12 00 00 01 00 2c 00 0c 00 02 00 00 .........,...... 0080 00 00 00 10 00 2a 12 00 00 63 1a 3c 18 3f 00 64 ........c.<.?.d 0090 00 ff ff 12 00 97 12 00 00 01 00 2c 00 0c 00 02 ...........,.... 00a0 00 00 00 00 00 10 00 2a 12 00 00 63 1a 3c 18 3f ..........c.<.? 00b0 00 64 00 ff ff 12 00 97 12 00 00 01 00 2c 00 0c .d...........,.. 00c0 00 02 00 00 00 00 00 10 00 2a 12 00 00 63 1a 3c ............c.< 00d0 18 3f 00 64 00 ff ff 10 00 2a 12 00 00 63 1a 3c .?.d........c.< 00e0 18 3f 00 64 00 ff ff 10 00 2a 12 00 00 63 1a 3c .?.d........c.< 00f0 18 3f 00 64 00 ff ff 10 00 2a 12 00 00 63 1a 3c .?.d........c.< 0100 18 3f 00 64 00 ff ff 10 00 2a 12 00 00 63 1a 3c .?.d........c.< 0110 18 3f 00 64 00 ff ff ab 00 07 14 00 00 02 00 2c .?.d..........., 0120 00 ec 04 07 00 00 00 00 02 34 49 01 c7 ee 65 00 .........4I...e. 0130 00 00 00 00 41 09 00 00 00 00 00 00 ff ff 10 65 ....A..........e 0140 49 00 27 b6 5a 00 00 00 00 00 51 08 00 00 00 00 I.'.Z.....Q..... 0150 00 00 ff ff c5 4b 17 00 54 06 48 00 00 00 00 00 .....K..T.H..... 0160 49 08 00 00 00 00 00 00 ff ff 2c 16 15 00 9d 27 I.........,....' 0170 48 00 00 00 00 00 49 08 00 00 00 00 00 00 ff ff H.....I......... 0180 02 f5 14 00 9a 2a 48 00 00 00 00 00 49 08 00 00 .....*H.....I... 0190 00 00 00 00 ff ff 60 ec 16 00 fb 63 48 00 00 00 ..........cH... 01a0 00 00 49 08 00 00 00 00 00 00 ff ff a7 9a 17 00 ..I............. 01b0 20 12 48 00 00 00 00 00 c9 08 00 00 00 00 00 00 .H............. 01c0 ff ff 08 00 d1 11 00 00 2c 00 20 00 5f 12 00 00 ........,. ._... 01d0 01 00 2c 00 00 00 f6 ff ff ff 04 00 00 00 01 00 ..,............. 01e0 00 00 e4 03 00 00 00 00 00 00 56 00 50 11 00 00 ..........V.P... 01f0 04 00 02 c0 4e 5a 00 00 00 00 bc 13 00 00 00 00 ....NZ.......... 0200 30 00 88 90 00 00 a2 ae 00 00 41 08 00 00 00 00 0.........A..... 0210 2f 00 46 88 02 00 42 c2 00 00 41 09 00 00 00 00 /.F...B...A..... 0220 2e 00 88 90 00 00 ad ad 00 00 41 08 00 00 00 00 ..........A..... 0230 2c 00 c2 4a 03 00 d9 04 01 00 51 09 00 00 00 00 ,..J......Q..... 0240 0e 00 24 11 00 00 30 60 cc cc 9c 1a 97 17 0c 00 ..$...0........ 0250 32 11 00 00 30 00 00 c0 02 00 0e 00 24 11 00 00 2...0.......$... 0260 30 60 cc cc 9c 1a 97 17 5a 00 37 11 00 00 04 00 0`......Z.7..... 0270 00 00 05 b0 01 11 04 69 f8 30 01 00 9e 1a 97 17 .......i.0...... 0280 7e 00 ff ff ff ff 06 74 83 10 04 69 f8 30 01 00 ~......t...i.0.. 0290 9c 1a 92 17 ff ff ff ff ff ff 0a 20 85 11 04 69 ........... ...i 02a0 f8 30 5d 00 8e 1a 96 17 24 02 ca 00 ff ff 0b 00 .0].....$....... 02b0 00 10 04 69 f8 30 64 0e 9c 1a 97 17 ff ff ff ff ...i.0d......... 02c0 ff ff 0e 00 24 11 00 00 2e 00 cc cc 41 1a f5 17 ....$.......A... 02d0 0c 00 32 11 00 00 2e 00 00 c0 02 00 0e 00 24 11 ..2...........$. 02e0 00 00 2e 00 cc cc 41 1a f5 17 46 00 37 11 00 00 ......A...F.7... 02f0 03 00 00 00 0c fc 23 11 04 69 f8 30 01 00 40 1a ......#..i.0..@. 0300 fc 17 c7 00 ff ff ff ff 0f f4 84 11 04 69 f8 30 .............i.0 0310 4c 00 4c 1a f1 17 d4 00 ff ff ff ff 11 00 00 10 L.L............. 0320 04 69 f8 30 f5 0e 35 1a f1 17 ff ff ff ff ff ff .i.0..5......... 0330 0e 00 ..

this filter can detect following packet. ip.src == 203.141.241.0/24 && data.data matches"\xcc\xcc.{6,6}\x37\x11" but this filter cannot detect. ip.src == 203.141.241.0/24 && data.data matches"\xcc\xcc.{6,6}\x37\x11.*\x24\x02" packet containing \x24\x02 in line 0x02a0. anyone knows reason?

No.     Time                          Source                Destination           Protocol Length Info
  12465 2023-12-06 18:23:41.411340    203.141.241.23        192.168.1.4           TCP      872    54632 → 49181 [PSH, ACK] Seq=86956 Ack=4631 Win=507 Len=818
Len=818
  
Frame 12465: 872 bytes on wire (6976 bits), 872 bytes captured (6976 bits) on interface \Device\NPF_{92F34A3C-A9F7-49AC-9AFB-65AD6643BC83}, id 0
Ethernet II, Src: NECPlatforms_d5:52:36 (00:0d:02:d5:52:36), Dst: VMware_e5:42:ec (00:0c:29:e5:42:ec)
Internet Protocol Version 4, Src: 203.141.241.23, Dst: 192.168.1.4
Transmission Control Protocol, Src Port: 54632, Dst Port: 49181, Seq: 86956, Ack: 4631, Len: 818
Data (818 bytes)

0000  09 00 00 00 00 00 00 ff ff 20 75 38 00 57 c0 43   ......... u8.W.C
0010  00 00 00 00 00 41 08 00 00 00 00 00 00 ff ff 20   .....A......... 
0020  75 38 00 e4 c0 43 00 00 00 00 00 41 08 00 00 00   u8...C.....A....
0030  00 00 00 ff ff b3 3b fd 00 4e 36 3e 00 00 00 00   ......;..N6>....
0040  00 c1 01 00 00 00 00 00 00 ff ff b3 3b fd 00 87   ............;...
0050  e6 4b 00 00 00 00 00 41 09 00 00 00 00 00 00 ff   .K.....A........
0060  ff 10 00 2a 12 00 00 63 1a 3c 18 3f 00 64 00 ff   ...*...c.<.?.d..
0070  ff 12 00 97 12 00 00 01 00 2c 00 0c 00 02 00 00   .........,......
0080  00 00 00 10 00 2a 12 00 00 63 1a 3c 18 3f 00 64   .....*...c.<.?.d
0090  00 ff ff 12 00 97 12 00 00 01 00 2c 00 0c 00 02   ...........,....
00a0  00 00 00 00 00 10 00 2a 12 00 00 63 1a 3c 18 3f   .......*...c.<.?
00b0  00 64 00 ff ff 12 00 97 12 00 00 01 00 2c 00 0c   .d...........,..
00c0  00 02 00 00 00 00 00 10 00 2a 12 00 00 63 1a 3c   .........*...c.<
00d0  18 3f 00 64 00 ff ff 10 00 2a 12 00 00 63 1a 3c   .?.d.....*...c.<
00e0  18 3f 00 64 00 ff ff 10 00 2a 12 00 00 63 1a 3c   .?.d.....*...c.<
00f0  18 3f 00 64 00 ff ff 10 00 2a 12 00 00 63 1a 3c   .?.d.....*...c.<
0100  18 3f 00 64 00 ff ff 10 00 2a 12 00 00 63 1a 3c   .?.d.....*...c.<

this filter can detect following packet. ip.src == 203.141.241.0/24 && data.data matches"\xcc\xcc.{6,6}\x37\x11" but this filter cannot detect. ip.src == 203.141.241.0/24 && data.data matches"\xcc\xcc.{6,6}\x37\x11.*\x24\x02" packet containing \x24\x02 in line 0x02a0. anyone knows reason?

No.     Time                          Source                Destination           Protocol Length Info
  12465 2023-12-06 18:23:41.411340    203.141.241.23        192.168.1.4           TCP      872    54632 → 49181 [PSH, ACK] Seq=86956 Ack=4631 Win=507 Len=818

Frame 12465: 872 bytes on wire (6976 bits), 872 bytes captured (6976 bits) on interface \Device\NPF_{92F34A3C-A9F7-49AC-9AFB-65AD6643BC83}, id 0
Ethernet II, Src: NECPlatforms_d5:52:36 (00:0d:02:d5:52:36), Dst: VMware_e5:42:ec (00:0c:29:e5:42:ec)
Internet Protocol Version 4, Src: 203.141.241.23, Dst: 192.168.1.4
Transmission Control Protocol, Src Port: 54632, Dst Port: 49181, Seq: 86956, Ack: 4631, Len: 818
Data (818 bytes)

0000  09 00 00 00 00 00 00 ff ff 20 75 38 00 57 c0 43   ......... u8.W.C
0010  00 00 00 00 00 41 08 00 00 00 00 00 00 ff ff 20   .....A......... 
0020  75 38 00 e4 c0 43 00 00 00 00 00 41 08 00 00 00   u8...C.....A....
0030  00 00 00 ff ff b3 3b fd 00 4e 36 3e 00 00 00 00   ......;..N6>....
0040  00 c1 01 00 00 00 00 00 00 ff ff b3 3b fd 00 87   ............;...
0050  e6 4b 00 00 00 00 00 41 09 00 00 00 00 00 00 ff   .K.....A........
0060  ff 10 00 2a 12 00 00 63 1a 3c 18 3f 00 64 00 ff   ...*...c.<.?.d..
0070  ff 12 00 97 12 00 00 01 00 2c 00 0c 00 02 00 00   .........,......
0080  00 00 00 10 00 2a 12 00 00 63 1a 3c 18 3f 00 64   .....*...c.<.?.d
0090  00 ff ff 12 00 97 12 00 00 01 00 2c 00 0c 00 02   ...........,....
00a0  00 00 00 00 00 10 00 2a 12 00 00 63 1a 3c 18 3f   .......*...c.<.?
00b0  00 64 00 ff ff 12 00 97 12 00 00 01 00 2c 00 0c   .d...........,..
00c0  00 02 00 00 00 00 00 10 00 2a 12 00 00 63 1a 3c   .........*...c.<
00d0  18 3f 00 64 00 ff ff 10 00 2a 12 00 00 63 1a 3c   .?.d.....*...c.<
00e0  18 3f 00 64 00 ff ff 10 00 2a 12 00 00 63 1a 3c   .?.d.....*...c.<
00f0  18 3f 00 64 00 ff ff 10 00 2a 12 00 00 63 1a 3c   .?.d.....*...c.<
0100  18 3f 00 64 00 ff ff 10 00 2a 12 00 00 63 1a 3c   .?.d.....*...c.<

0110 18 3f 00 64 00 ff ff ab 00 07 14 00 00 02 00 2c .?.d..........., 0120 00 ec 04 07 00 00 00 00 02 34 49 01 c7 ee 65 00 .........4I...e. 0130 00 00 00 00 41 09 00 00 00 00 00 00 ff ff 10 65 ....A..........e 0140 49 00 27 b6 5a 00 00 00 00 00 51 08 00 00 00 00 I.'.Z.....Q..... 0150 00 00 ff ff c5 4b 17 00 54 06 48 00 00 00 00 00 .....K..T.H..... 0160 49 08 00 00 00 00 00 00 ff ff 2c 16 15 00 9d 27 I.........,....' 0170 48 00 00 00 00 00 49 08 00 00 00 00 00 00 ff ff H.....I......... 0180 02 f5 14 00 9a 2a 48 00 00 00 00 00 49 08 00 00 .....*H.....I... 0190 00 00 00 00 ff ff 60 ec 16 00 fb 63 48 00 00 00 ..........cH... ......`....cH... 01a0 00 00 49 08 00 00 00 00 00 00 ff ff a7 9a 17 00 ..I............. 01b0 20 12 48 00 00 00 00 00 c9 08 00 00 00 00 00 00 .H............. 01c0 ff ff 08 00 d1 11 00 00 2c 00 20 00 5f 12 00 00 ........,. ._... 01d0 01 00 2c 00 00 00 f6 ff ff ff 04 00 00 00 01 00 ..,............. 01e0 00 00 e4 03 00 00 00 00 00 00 56 00 50 11 00 00 ..........V.P... 01f0 04 00 02 c0 4e 5a 00 00 00 00 bc 13 00 00 00 00 ....NZ.......... 0200 30 00 88 90 00 00 a2 ae 00 00 41 08 00 00 00 00 0.........A.....

0210 2f 00 46 88 02 00 42 c2 00 00 41 09 00 00 00 00 /.F...B...A..... 0220 2e 00 88 90 00 00 ad ad 00 00 41 08 00 00 00 00 ..........A..... 0230 2c 00 c2 4a 03 00 d9 04 01 00 51 09 00 00 00 00 ,..J......Q..... 0240 0e 00 24 11 00 00 30 60 cc cc 9c 1a 97 17 0c 00 ..$...0........ 0250 32 11 00 00 30 00 00 c0 02 00 0e 00 24 11 00 00 2...0.......$... 0260 30 60 cc cc 9c 1a 97 17 5a 00 37 11 00 00 04 00 0`......Z.7..... 0......Z.7..... 0270 00 00 05 b0 01 11 04 69 f8 30 01 00 9e 1a 97 17 .......i.0...... 0280 7e 00 ff ff ff ff 06 74 83 10 04 69 f8 30 01 00 ~......t...i.0.. 0290 9c 1a 92 17 ff ff ff ff ff ff 0a 20 85 11 04 69 ........... ...i 02a0 f8 30 5d 00 8e 1a 96 17 24 02 ca 00 ff ff 0b 00 .0].....$....... 02b0 00 10 04 69 f8 30 64 0e 9c 1a 97 17 ff ff ff ff ...i.0d......... 02c0 ff ff 0e 00 24 11 00 00 2e 00 cc cc 41 1a f5 17 ....$.......A... 02d0 0c 00 32 11 00 00 2e 00 00 c0 02 00 0e 00 24 11 ..2...........$. 02e0 00 00 2e 00 cc cc 41 1a f5 17 46 00 37 11 00 00 ......A...F.7... 02f0 03 00 00 00 0c fc 23 11 04 69 f8 30 01 00 40 1a ......#..i.0..@. 0300 fc 17 c7 00 ff ff ff ff 0f f4 84 11 04 69 f8 30 .............i.0 0310 4c 00 4c 1a f1 17 d4 00 ff ff ff ff 11 00 00 10 L.L............. 0320 04 69 f8 30 f5 0e 35 1a f1 17 ff ff ff ff ff ff .i.0..5......... 0330 0e 00 ..

this filter can detect following packet. ip.src == 203.141.241.0/24 && data.data matches"\xcc\xcc.{6,6}\x37\x11" but this filter cannot detect. ip.src == 203.141.241.0/24 && data.data matches"\xcc\xcc.{6,6}\x37\x11.*\x24\x02" packet containing \x24\x02 in line 0x02a0. anyone knows reason?

No.     Time                          Source                Destination           Protocol Length Info
  12465 2023-12-06 18:23:41.411340    203.141.241.23        192.168.1.4           TCP      872    54632 → 49181 [PSH, ACK] Seq=86956 Ack=4631 Win=507 Len=818

Frame 12465: 872 bytes on wire (6976 bits), 872 bytes captured (6976 bits) on interface \Device\NPF_{92F34A3C-A9F7-49AC-9AFB-65AD6643BC83}, id 0
Ethernet II, Src: NECPlatforms_d5:52:36 (00:0d:02:d5:52:36), Dst: VMware_e5:42:ec (00:0c:29:e5:42:ec)
Internet Protocol Version 4, Src: 203.141.241.23, Dst: 192.168.1.4
Transmission Control Protocol, Src Port: 54632, Dst Port: 49181, Seq: 86956, Ack: 4631, Len: 818
Data (818 bytes)

0000  09 00 00 00 00 00 00 ff ff 20 75 38 00 57 c0 43   ......... u8.W.C
0010  00 00 00 00 00 41 08 00 00 00 00 00 00 ff ff 20   .....A......... 
0020  75 38 00 e4 c0 43 00 00 00 00 00 41 08 00 00 00   u8...C.....A....
0030  00 00 00 ff ff b3 3b fd 00 4e 36 3e 00 00 00 00   ......;..N6>....
0040  00 c1 01 00 00 00 00 00 00 ff ff b3 3b fd 00 87   ............;...
0050  e6 4b 00 00 00 00 00 41 09 00 00 00 00 00 00 ff   .K.....A........
0060  ff 10 00 2a 12 00 00 63 1a 3c 18 3f 00 64 00 ff   ...*...c.<.?.d..
0070  ff 12 00 97 12 00 00 01 00 2c 00 0c 00 02 00 00   .........,......
0080  00 00 00 10 00 2a 12 00 00 63 1a 3c 18 3f 00 64   .....*...c.<.?.d
0090  00 ff ff 12 00 97 12 00 00 01 00 2c 00 0c 00 02   ...........,....
00a0  00 00 00 00 00 10 00 2a 12 00 00 63 1a 3c 18 3f   .......*...c.<.?
00b0  00 64 00 ff ff 12 00 97 12 00 00 01 00 2c 00 0c   .d...........,..
00c0  00 02 00 00 00 00 00 10 00 2a 12 00 00 63 1a 3c   .........*...c.<
00d0  18 3f 00 64 00 ff ff 10 00 2a 12 00 00 63 1a 3c   .?.d.....*...c.<
00e0  18 3f 00 64 00 ff ff 10 00 2a 12 00 00 63 1a 3c   .?.d.....*...c.<
00f0  18 3f 00 64 00 ff ff 10 00 2a 12 00 00 63 1a 3c   .?.d.....*...c.<
0100  18 3f 00 64 00 ff ff 10 00 2a 12 00 00 63 1a 3c   .?.d.....*...c.<
0110  18 3f 00 64 00 ff ff ab 00 07 14 00 00 02 00 2c   .?.d...........,
0120  00 ec 04 07 00 00 00 00 02 34 49 01 c7 ee 65 00   .........4I...e.
0130  00 00 00 00 41 09 00 00 00 00 00 00 ff ff 10 65   ....A..........e
0140  49 00 27 b6 5a 00 00 00 00 00 51 08 00 00 00 00   I.'.Z.....Q.....
0150  00 00 ff ff c5 4b 17 00 54 06 48 00 00 00 00 00   .....K..T.H.....
0160  49 08 00 00 00 00 00 00 ff ff 2c 16 15 00 9d 27   I.........,....'
0170  48 00 00 00 00 00 49 08 00 00 00 00 00 00 ff ff   H.....I.........
0180  02 f5 14 00 9a 2a 48 00 00 00 00 00 49 08 00 00   .....*H.....I...
0190  00 00 00 00 ff ff 60 ec 16 00 fb 63 48 00 00 00   ......`....cH...
01a0  00 00 49 08 00 00 00 00 00 00 ff ff a7 9a 17 00   ..I.............
01b0  20 12 48 00 00 00 00 00 c9 08 00 00 00 00 00 00    .H.............
01c0  ff ff 08 00 d1 11 00 00 2c 00 20 00 5f 12 00 00   ........,. ._...
01d0  01 00 2c 00 00 00 f6 ff ff ff 04 00 00 00 01 00   ..,.............
01e0  00 00 e4 03 00 00 00 00 00 00 56 00 50 11 00 00   ..........V.P...
01f0  04 00 02 c0 4e 5a 00 00 00 00 bc 13 00 00 00 00   ....NZ..........
0200  30 00 88 90 00 00 a2 ae 00 00 41 08 00 00 00 00   0.........A.....

0210 2f 00 46 88 02 00 42 c2 00 00 41 09 00 00 00 00 /.F...B...A..... 0220 2e 00 88 90 00 00 ad ad 00 00 41 08 00 00 00 00 ..........A..... 0230 2c 00 c2 4a 03 00 d9 04 01 00 51 09 00 00 00 00 ,..J......Q..... 0240 0e 00 24 11 00 00 30 60 cc cc 9c 1a 97 17 0c 00 ..$...0........ ..$...0`........ 0250 32 11 00 00 30 00 00 c0 02 00 0e 00 24 11 00 00 2...0.......$... 0260 30 60 cc cc 9c 1a 97 17 5a 00 37 11 00 00 04 00 0......Z.7..... 0`......Z.7..... 0270 00 00 05 b0 01 11 04 69 f8 30 01 00 9e 1a 97 17 .......i.0...... 0280 7e 00 ff ff ff ff 06 74 83 10 04 69 f8 30 01 00 ~......t...i.0.. 0290 9c 1a 92 17 ff ff ff ff ff ff 0a 20 85 11 04 69 ........... ...i 02a0 f8 30 5d 00 8e 1a 96 17 24 02 ca 00 ff ff 0b 00 .0].....$....... 02b0 00 10 04 69 f8 30 64 0e 9c 1a 97 17 ff ff ff ff ...i.0d......... 02c0 ff ff 0e 00 24 11 00 00 2e 00 cc cc 41 1a f5 17 ....$.......A... 02d0 0c 00 32 11 00 00 2e 00 00 c0 02 00 0e 00 24 11 ..2...........$. 02e0 00 00 2e 00 cc cc 41 1a f5 17 46 00 37 11 00 00 ......A...F.7... 02f0 03 00 00 00 0c fc 23 11 04 69 f8 30 01 00 40 1a ......#..i.0..@. 0300 fc 17 c7 00 ff ff ff ff 0f f4 84 11 04 69 f8 30 .............i.0 0310 4c 00 4c 1a f1 17 d4 00 ff ff ff ff 11 00 00 10 L.L............. 0320 04 69 f8 30 f5 0e 35 1a f1 17 ff ff ff ff ff ff .i.0..5......... 0330 0e 00 ..

this filter can detect following packet. packet.

ip.src == 203.141.241.0/24 && data.data matches"\xcc\xcc.{6,6}\x37\x11"

but this filter cannot detect. detect.

ip.src == 203.141.241.0/24 && data.data matches"\xcc\xcc.{6,6}\x37\x11.*\x24\x02"

packet containing \x24\x02 in line 0x02a0. anyone knows reason?

No.     Time                          Source                Destination           Protocol Length Info
  12465 2023-12-06 18:23:41.411340    203.141.241.23        192.168.1.4           TCP      872    54632 → 49181 [PSH, ACK] Seq=86956 Ack=4631 Win=507 Len=818

Frame 12465: 872 bytes on wire (6976 bits), 872 bytes captured (6976 bits) on interface \Device\NPF_{92F34A3C-A9F7-49AC-9AFB-65AD6643BC83}, id 0
Ethernet II, Src: NECPlatforms_d5:52:36 (00:0d:02:d5:52:36), Dst: VMware_e5:42:ec (00:0c:29:e5:42:ec)
Internet Protocol Version 4, Src: 203.141.241.23, Dst: 192.168.1.4
Transmission Control Protocol, Src Port: 54632, Dst Port: 49181, Seq: 86956, Ack: 4631, Len: 818
Data (818 bytes)

0000  09 00 00 00 00 00 00 ff ff 20 75 38 00 57 c0 43   ......... u8.W.C
0010  00 00 00 00 00 41 08 00 00 00 00 00 00 ff ff 20   .....A......... 
0020  75 38 00 e4 c0 43 00 00 00 00 00 41 08 00 00 00   u8...C.....A....
0030  00 00 00 ff ff b3 3b fd 00 4e 36 3e 00 00 00 00   ......;..N6>....
0040  00 c1 01 00 00 00 00 00 00 ff ff b3 3b fd 00 87   ............;...
0050  e6 4b 00 00 00 00 00 41 09 00 00 00 00 00 00 ff   .K.....A........
0060  ff 10 00 2a 12 00 00 63 1a 3c 18 3f 00 64 00 ff   ...*...c.<.?.d..
0070  ff 12 00 97 12 00 00 01 00 2c 00 0c 00 02 00 00   .........,......
0080  00 00 00 10 00 2a 12 00 00 63 1a 3c 18 3f 00 64   .....*...c.<.?.d
0090  00 ff ff 12 00 97 12 00 00 01 00 2c 00 0c 00 02   ...........,....
00a0  00 00 00 00 00 10 00 2a 12 00 00 63 1a 3c 18 3f   .......*...c.<.?
00b0  00 64 00 ff ff 12 00 97 12 00 00 01 00 2c 00 0c   .d...........,..
00c0  00 02 00 00 00 00 00 10 00 2a 12 00 00 63 1a 3c   .........*...c.<
00d0  18 3f 00 64 00 ff ff 10 00 2a 12 00 00 63 1a 3c   .?.d.....*...c.<
00e0  18 3f 00 64 00 ff ff 10 00 2a 12 00 00 63 1a 3c   .?.d.....*...c.<
00f0  18 3f 00 64 00 ff ff 10 00 2a 12 00 00 63 1a 3c   .?.d.....*...c.<
0100  18 3f 00 64 00 ff ff 10 00 2a 12 00 00 63 1a 3c   .?.d.....*...c.<
0110  18 3f 00 64 00 ff ff ab 00 07 14 00 00 02 00 2c   .?.d...........,
0120  00 ec 04 07 00 00 00 00 02 34 49 01 c7 ee 65 00   .........4I...e.
0130  00 00 00 00 41 09 00 00 00 00 00 00 ff ff 10 65   ....A..........e
0140  49 00 27 b6 5a 00 00 00 00 00 51 08 00 00 00 00   I.'.Z.....Q.....
0150  00 00 ff ff c5 4b 17 00 54 06 48 00 00 00 00 00   .....K..T.H.....
0160  49 08 00 00 00 00 00 00 ff ff 2c 16 15 00 9d 27   I.........,....'
0170  48 00 00 00 00 00 49 08 00 00 00 00 00 00 ff ff   H.....I.........
0180  02 f5 14 00 9a 2a 48 00 00 00 00 00 49 08 00 00   .....*H.....I...
0190  00 00 00 00 ff ff 60 ec 16 00 fb 63 48 00 00 00   ......`....cH...
01a0  00 00 49 08 00 00 00 00 00 00 ff ff a7 9a 17 00   ..I.............
01b0  20 12 48 00 00 00 00 00 c9 08 00 00 00 00 00 00    .H.............
01c0  ff ff 08 00 d1 11 00 00 2c 00 20 00 5f 12 00 00   ........,. ._...
01d0  01 00 2c 00 00 00 f6 ff ff ff 04 00 00 00 01 00   ..,.............
01e0  00 00 e4 03 00 00 00 00 00 00 56 00 50 11 00 00   ..........V.P...
01f0  04 00 02 c0 4e 5a 00 00 00 00 bc 13 00 00 00 00   ....NZ..........
0200  30 00 88 90 00 00 a2 ae 00 00 41 08 00 00 00 00   0.........A.....
0210  2f 00 46 88 02 00 42 c2 00 00 41 09 00 00 00 00   /.F...B...A.....
0220  2e 00 88 90 00 00 ad ad 00 00 41 08 00 00 00 00   ..........A.....
0230  2c 00 c2 4a 03 00 d9 04 01 00 51 09 00 00 00 00   ,..J......Q.....
0240  0e 00 24 11 00 00 30 60 cc cc 9c 1a 97 17 0c 00   ..$...0`........
0250  32 11 00 00 30 00 00 c0 02 00 0e 00 24 11 00 00   2...0.......$...
0260  30 60 cc cc 9c 1a 97 17 5a 00 37 11 00 00 04 00   0`......Z.7.....
0270  00 00 05 b0 01 11 04 69 f8 30 01 00 9e 1a 97 17   .......i.0......
0280  7e 00 ff ff ff ff 06 74 83 10 04 69 f8 30 01 00   ~......t...i.0..
0290  9c 1a 92 17 ff ff ff ff ff ff 0a 20 85 11 04 69   ........... ...i
02a0  f8 30 5d 00 8e 1a 96 17 24 02 ca 00 ff ff 0b 00   .0].....$.......
02b0  00 10 04 69 f8 30 64 0e 9c 1a 97 17 ff ff ff ff   ...i.0d.........
02c0  ff ff 0e 00 24 11 00 00 2e 00 cc cc 41 1a f5 17   ....$.......A...
02d0  0c 00 32 11 00 00 2e 00 00 c0 02 00 0e 00 24 11   ..2...........$.
02e0  00 00 2e 00 cc cc 41 1a f5 17 46 00 37 11 00 00   ......A...F.7...
02f0  03 00 00 00 0c fc 23 11 04 69 f8 30 01 00 40 1a   ......#..i.0..@.
0300  fc 17 c7 00 ff ff ff ff 0f f4 84 11 04 69 f8 30   .............i.0
0310  4c 00 4c 1a f1 17 d4 00 ff ff ff ff 11 00 00 10   L.L.............
0320  04 69 f8 30 f5 0e 35 1a f1 17 ff ff ff ff ff ff   .i.0..5.........
0330  0e 00                                             ..

this filter can detect following packet.

ip.src == 203.141.241.0/24 && data.data matches"\xcc\xcc.{6,6}\x37\x11"

but this filter cannot detect.

ip.src == 203.141.241.0/24 && data.data matches"\xcc\xcc.{6,6}\x37\x11.*\x24\x02"

packet containing \x24\x02 in line 0x02a0. anyone knows reason?

No.     Time                          Source                Destination           Protocol Length Info
  12465 2023-12-06 18:23:41.411340    203.141.241.23        192.168.1.4           TCP      872    54632 → 49181 [PSH, ACK] Seq=86956 Ack=4631 Win=507 Len=818

Frame 12465: 872 bytes on wire (6976 bits), 872 bytes captured (6976 bits) on interface \Device\NPF_{92F34A3C-A9F7-49AC-9AFB-65AD6643BC83}, id 0
Ethernet II, Src: NECPlatforms_d5:52:36 (00:0d:02:d5:52:36), Dst: VMware_e5:42:ec (00:0c:29:e5:42:ec)
Internet Protocol Version 4, Src: 203.141.241.23, Dst: 192.168.1.4
Transmission Control Protocol, Src Port: 54632, Dst Port: 49181, Seq: 86956, Ack: 4631, Len: 818
Data (818 bytes)

0000  09 00 00 00 00 00 00 ff ff 20 75 38 00 57 c0 43   ......... u8.W.C
0010  00 00 00 00 00 41 08 00 00 00 00 00 00 ff ff 20   .....A......... 
0020  75 38 00 e4 c0 43 00 00 00 00 00 41 08 00 00 00   u8...C.....A....
0030  00 00 00 ff ff b3 3b fd 00 4e 36 3e 00 00 00 00   ......;..N6>....
0040  00 c1 01 00 00 00 00 00 00 ff ff b3 3b fd 00 87   ............;...
0050  e6 4b 00 00 00 00 00 41 09 00 00 00 00 00 00 ff   .K.....A........
0060  ff 10 00 2a 12 00 00 63 1a 3c 18 3f 00 64 00 ff   ...*...c.<.?.d..
0070  ff 12 00 97 12 00 00 01 00 2c 00 0c 00 02 00 00   .........,......
0080  00 00 00 10 00 2a 12 00 00 63 1a 3c 18 3f 00 64   .....*...c.<.?.d
0090  00 ff ff 12 00 97 12 00 00 01 00 2c 00 0c 00 02   ...........,....
00a0  00 00 00 00 00 10 00 2a 12 00 00 63 1a 3c 18 3f   .......*...c.<.?
00b0  00 64 00 ff ff 12 00 97 12 00 00 01 00 2c 00 0c   .d...........,..
00c0  00 02 00 00 00 00 00 10 00 2a 12 00 00 63 1a 3c   .........*...c.<
00d0  18 3f 00 64 00 ff ff 10 00 2a 12 00 00 63 1a 3c   .?.d.....*...c.<
00e0  18 3f 00 64 00 ff ff 10 00 2a 12 00 00 63 1a 3c   .?.d.....*...c.<
00f0  18 3f 00 64 00 ff ff 10 00 2a 12 00 00 63 1a 3c   .?.d.....*...c.<
0100  18 3f 00 64 00 ff ff 10 00 2a 12 00 00 63 1a 3c   .?.d.....*...c.<
0110  18 3f 00 64 00 ff ff ab 00 07 14 00 00 02 00 2c   .?.d...........,
0120  00 ec 04 07 00 00 00 00 02 34 49 01 c7 ee 65 00   .........4I...e.
0130  00 00 00 00 41 09 00 00 00 00 00 00 ff ff 10 65   ....A..........e
0140  49 00 27 b6 5a 00 00 00 00 00 51 08 00 00 00 00   I.'.Z.....Q.....
0150  00 00 ff ff c5 4b 17 00 54 06 48 00 00 00 00 00   .....K..T.H.....
0160  49 08 00 00 00 00 00 00 ff ff 2c 16 15 00 9d 27   I.........,....'
0170  48 00 00 00 00 00 49 08 00 00 00 00 00 00 ff ff   H.....I.........
0180  02 f5 14 00 9a 2a 48 00 00 00 00 00 49 08 00 00   .....*H.....I...
0190  00 00 00 00 ff ff 60 ec 16 00 fb 63 48 00 00 00   ......`....cH...
01a0  00 00 49 08 00 00 00 00 00 00 ff ff a7 9a 17 00   ..I.............
01b0  20 12 48 00 00 00 00 00 c9 08 00 00 00 00 00 00    .H.............
01c0  ff ff 08 00 d1 11 00 00 2c 00 20 00 5f 12 00 00   ........,. ._...
01d0  01 00 2c 00 00 00 f6 ff ff ff 04 00 00 00 01 00   ..,.............
01e0  00 00 e4 03 00 00 00 00 00 00 56 00 50 11 00 00   ..........V.P...
01f0  04 00 02 c0 4e 5a 00 00 00 00 bc 13 00 00 00 00   ....NZ..........
0200  30 00 88 90 00 00 a2 ae 00 00 41 08 00 00 00 00   0.........A.....
0210  2f 00 46 88 02 00 42 c2 00 00 41 09 00 00 00 00   /.F...B...A.....
0220  2e 00 88 90 00 00 ad ad 00 00 41 08 00 00 00 00   ..........A.....
0230  2c 00 c2 4a 03 00 d9 04 01 00 51 09 00 00 00 00   ,..J......Q.....
0240  0e 00 24 11 00 00 30 60 cc cc 9c 1a 97 17 0c 00   ..$...0`........
0250  32 11 00 00 30 00 00 c0 02 00 0e 00 24 11 00 00   2...0.......$...
0260  30 60 cc cc 9c 1a 97 17 5a 00 37 11 00 00 04 00   0`......Z.7.....
0270  00 00 05 b0 01 11 04 69 f8 30 01 00 9e 1a 97 17   .......i.0......
0280  7e 00 ff ff ff ff 06 74 83 10 04 69 f8 30 01 00   ~......t...i.0..
0290  9c 1a 92 17 ff ff ff ff ff ff 0a 20 85 11 04 69   ........... ...i
02a0  f8 30 5d 00 8e 1a 96 17 24 02 ca 00 ff ff 0b 00   .0].....$.......
02b0  00 10 04 69 f8 30 64 0e 9c 1a 97 17 ff ff ff ff   ...i.0d.........
02c0  ff ff 0e 00 24 11 00 00 2e 00 cc cc 41 1a f5 17   ....$.......A...
02d0  0c 00 32 11 00 00 2e 00 00 c0 02 00 0e 00 24 11   ..2...........$.
02e0  00 00 2e 00 cc cc 41 1a f5 17 46 00 37 11 00 00   ......A...F.7...
02f0  03 00 00 00 0c fc 23 11 04 69 f8 30 01 00 40 1a   ......#..i.0..@.
0300  fc 17 c7 00 ff ff ff ff 0f f4 84 11 04 69 f8 30   .............i.0
0310  4c 00 4c 1a f1 17 d4 00 ff ff ff ff 11 00 00 10   L.L.............
0320  04 69 f8 30 f5 0e 35 1a f1 17 ff ff ff ff ff ff   .i.0..5.........
0330  0e 00                                             ..

this filter can detect following packet.

ip.src == 203.141.241.0/24 && data.data matches"\xcc\xcc.{6,6}\x37\x11"

but this filter cannot detect.

ip.src == 203.141.241.0/24 && data.data matches"\xcc\xcc.{6,6}\x37\x11.*\x24\x02"

packet containing \x24\x02 in line 0x02a0. anyone knows reason?

No.     Time                          Source                Destination           Protocol Length Info
  12465 2023-12-06 18:23:41.411340    203.141.241.23        192.168.1.4           TCP      872    54632 → 49181 [PSH, ACK] Seq=86956 Ack=4631 Win=507 Len=818

Frame 12465: 872 bytes on wire (6976 bits), 872 bytes captured (6976 bits) on interface \Device\NPF_{92F34A3C-A9F7-49AC-9AFB-65AD6643BC83}, id 0
Ethernet II, Src: NECPlatforms_d5:52:36 (00:0d:02:d5:52:36), Dst: VMware_e5:42:ec (00:0c:29:e5:42:ec)
Internet Protocol Version 4, Src: 203.141.241.23, Dst: 192.168.1.4
Transmission Control Protocol, Src Port: 54632, Dst Port: 49181, Seq: 86956, Ack: 4631, Len: 818
Data (818 bytes)

0000  09 00 00 00 00 00 00 ff ff 20 75 38 00 57 c0 43   ......... u8.W.C
0010  00 00 00 00 00 41 08 00 00 00 00 00 00 ff ff 20   .....A......... 
0020  75 38 00 e4 c0 43 00 00 00 00 00 41 08 00 00 00   u8...C.....A....
0030  00 00 00 ff ff b3 3b fd 00 4e 36 3e 00 00 00 00   ......;..N6>....
0040  00 c1 01 00 00 00 00 00 00 ff ff b3 3b fd 00 87   ............;...
0050  e6 4b 00 00 00 00 00 41 09 00 00 00 00 00 00 ff   .K.....A........
0060  ff 10 00 2a 12 00 00 63 1a 3c 18 3f 00 64 00 ff   ...*...c.<.?.d..
0070  ff 12 00 97 12 00 00 01 00 2c 00 0c 00 02 00 00   .........,......
0080  00 00 00 10 00 2a 12 00 00 63 1a 3c 18 3f 00 64   .....*...c.<.?.d
0090  00 ff ff 12 00 97 12 00 00 01 00 2c 00 0c 00 02   ...........,....
00a0  00 00 00 00 00 10 00 2a 12 00 00 63 1a 3c 18 3f   .......*...c.<.?
00b0  00 64 00 ff ff 12 00 97 12 00 00 01 00 2c 00 0c   .d...........,..
00c0  00 02 00 00 00 00 00 10 00 2a 12 00 00 63 1a 3c   .........*...c.<
00d0  18 3f 00 64 00 ff ff 10 00 2a 12 00 00 63 1a 3c   .?.d.....*...c.<
00e0  18 3f 00 64 00 ff ff 10 00 2a 12 00 00 63 1a 3c   .?.d.....*...c.<
00f0  18 3f 00 64 00 ff ff 10 00 2a 12 00 00 63 1a 3c   .?.d.....*...c.<
0100  18 3f 00 64 00 ff ff 10 00 2a 12 00 00 63 1a 3c   .?.d.....*...c.<
0110  18 3f 00 64 00 ff ff ab 00 07 14 00 00 02 00 2c   .?.d...........,
0120  00 ec 04 07 00 00 00 00 02 34 49 01 c7 ee 65 00   .........4I...e.
0130  00 00 00 00 41 09 00 00 00 00 00 00 ff ff 10 65   ....A..........e
0140  49 00 27 b6 5a 00 00 00 00 00 51 08 00 00 00 00   I.'.Z.....Q.....
0150  00 00 ff ff c5 4b 17 00 54 06 48 00 00 00 00 00   .....K..T.H.....
0160  49 08 00 00 00 00 00 00 ff ff 2c 16 15 00 9d 27   I.........,....'
0170  48 00 00 00 00 00 49 08 00 00 00 00 00 00 ff ff   H.....I.........
0180  02 f5 14 00 9a 2a 48 00 00 00 00 00 49 08 00 00   .....*H.....I...
0190  00 00 00 00 ff ff 60 ec 16 00 fb 63 48 00 00 00   ......`....cH...
01a0  00 00 49 08 00 00 00 00 00 00 ff ff a7 9a 17 00   ..I.............
01b0  20 12 48 00 00 00 00 00 c9 08 00 00 00 00 00 00    .H.............
01c0  ff ff 08 00 d1 11 00 00 2c 00 20 00 5f 12 00 00   ........,. ._...
01d0  01 00 2c 00 00 00 f6 ff ff ff 04 00 00 00 01 00   ..,.............
01e0  00 00 e4 03 00 00 00 00 00 00 56 00 50 11 00 00   ..........V.P...
01f0  04 00 02 c0 4e 5a 00 00 00 00 bc 13 00 00 00 00   ....NZ..........
0200  30 00 88 90 00 00 a2 ae 00 00 41 08 00 00 00 00   0.........A.....
0210  2f 00 46 88 02 00 42 c2 00 00 41 09 00 00 00 00   /.F...B...A.....
0220  2e 00 88 90 00 00 ad ad 00 00 41 08 00 00 00 00   ..........A.....
0230  2c 00 c2 4a 03 00 d9 04 01 00 51 09 00 00 00 00   ,..J......Q.....
0240  0e 00 24 11 00 00 30 60 cc cc 9c 1a 97 17 0c 00   ..$...0`........
0250  32 11 00 00 30 00 00 c0 02 00 0e 00 24 11 00 00   2...0.......$...
0260  30 60 cc cc 9c 1a 97 17 5a 00 37 11 00 00 04 00   0`......Z.7.....
0270  00 00 05 b0 01 11 04 69 f8 30 01 00 9e 1a 97 17   .......i.0......
0280  7e 00 ff ff ff ff 06 74 83 10 04 69 f8 30 01 00   ~......t...i.0..
0290  9c 1a 92 17 ff ff ff ff ff ff 0a 20 85 11 04 69   ........... ...i
02a0  f8 30 5d 00 8e 1a 96 17 24 02 ca 00 ff ff 0b 00   .0].....$.......
02b0  00 10 04 69 f8 30 64 0e 9c 1a 97 17 ff ff ff ff   ...i.0d.........
02c0  ff ff 0e 00 24 11 00 00 2e 00 cc cc 41 1a f5 17   ....$.......A...
02d0  0c 00 32 11 00 00 2e 00 00 c0 02 00 0e 00 24 11   ..2...........$.
02e0  00 00 2e 00 cc cc 41 1a f5 17 46 00 37 11 00 00   ......A...F.7...
02f0  03 00 00 00 0c fc 23 11 04 69 f8 30 01 00 40 1a   ......#..i.0..@.
0300  fc 17 c7 00 ff ff ff ff 0f f4 84 11 04 69 f8 30   .............i.0
0310  4c 00 4c 1a f1 17 d4 00 ff ff ff ff 11 00 00 10   L.L.............
0320  04 69 f8 30 f5 0e 35 1a f1 17 ff ff ff ff ff ff   .i.0..5.........
0330  0e 00                                             ..

this filter can detect following packet.

ip.src == 203.141.241.0/24 && data.data matches"\xcc\xcc.{6,6}\x37\x11"

but this filter cannot detect.

ip.src == 203.141.241.0/24 && data.data matches"\xcc\xcc.{6,6}\x37\x11.*\x24\x02"

packet containing \x24\x02 in line 0x02a0. anyone knows reason?

No.     Time                          Source                Destination           Protocol Length Info
  12465 2023-12-06 18:23:41.411340    203.141.241.23        192.168.1.4           TCP      872    54632 → 49181 [PSH, ACK] Seq=86956 Ack=4631 Win=507 Len=818

Frame 12465: 872 bytes on wire (6976 bits), 872 bytes captured (6976 bits) on interface \Device\NPF_{92F34A3C-A9F7-49AC-9AFB-65AD6643BC83}, id 0
Ethernet II, Src: NECPlatforms_d5:52:36 (00:0d:02:d5:52:36), Dst: VMware_e5:42:ec (00:0c:29:e5:42:ec)
Internet Protocol Version 4, Src: 203.141.241.23, Dst: 192.168.1.4
Transmission Control Protocol, Src Port: 54632, Dst Port: 49181, Seq: 86956, Ack: 4631, Len: 818
Data (818 bytes)

0000  09 00 00 00 00 00 00 ff ff 20 75 38 00 57 c0 43   ......... u8.W.C
0010  00 00 00 00 00 41 08 00 00 00 00 00 00 ff ff 20   .....A......... 
0020  75 38 00 e4 c0 43 00 00 00 00 00 41 08 00 00 00   u8...C.....A....
0030  00 00 00 ff ff b3 3b fd 00 4e 36 3e 00 00 00 00   ......;..N6>....
0040  00 c1 01 00 00 00 00 00 00 ff ff b3 3b fd 00 87   ............;...
0050  e6 4b 00 00 00 00 00 41 09 00 00 00 00 00 00 ff   .K.....A........
0060  ff 10 00 2a 12 00 00 63 1a 3c 18 3f 00 64 00 ff   ...*...c.<.?.d..
0070  ff 12 00 97 12 00 00 01 00 2c 00 0c 00 02 00 00   .........,......
0080  00 00 00 10 00 2a 12 00 00 63 1a 3c 18 3f 00 64   .....*...c.<.?.d
0090  00 ff ff 12 00 97 12 00 00 01 00 2c 00 0c 00 02   ...........,....
00a0  00 00 00 00 00 10 00 2a 12 00 00 63 1a 3c 18 3f   .......*...c.<.?
00b0  00 64 00 ff ff 12 00 97 12 00 00 01 00 2c 00 0c   .d...........,..
00c0  00 02 00 00 00 00 00 10 00 2a 12 00 00 63 1a 3c   .........*...c.<
00d0  18 3f 00 64 00 ff ff 10 00 2a 12 00 00 63 1a 3c   .?.d.....*...c.<
00e0  18 3f 00 64 00 ff ff 10 00 2a 12 00 00 63 1a 3c   .?.d.....*...c.<
00f0  18 3f 00 64 00 ff ff 10 00 2a 12 00 00 63 1a 3c   .?.d.....*...c.<
0100  18 3f 00 64 00 ff ff 10 00 2a 12 00 00 63 1a 3c   .?.d.....*...c.<
0110  18 3f 00 64 00 ff ff ab 00 07 14 00 00 02 00 2c   .?.d...........,
0120  00 ec 04 07 00 00 00 00 02 34 49 01 c7 ee 65 00   .........4I...e.
0130  00 00 00 00 41 09 00 00 00 00 00 00 ff ff 10 65   ....A..........e
0140  49 00 27 b6 5a 00 00 00 00 00 51 08 00 00 00 00   I.'.Z.....Q.....
0150  00 00 ff ff c5 4b 17 00 54 06 48 00 00 00 00 00   .....K..T.H.....
0160  49 08 00 00 00 00 00 00 ff ff 2c 16 15 00 9d 27   I.........,....'
0170  48 00 00 00 00 00 49 08 00 00 00 00 00 00 ff ff   H.....I.........
0180  02 f5 14 00 9a 2a 48 00 00 00 00 00 49 08 00 00   .....*H.....I...
0190  00 00 00 00 ff ff 60 ec 16 00 fb 63 48 00 00 00   ......`....cH...
01a0  00 00 49 08 00 00 00 00 00 00 ff ff a7 9a 17 00   ..I.............
01b0  20 12 48 00 00 00 00 00 c9 08 00 00 00 00 00 00    .H.............
01c0  ff ff 08 00 d1 11 00 00 2c 00 20 00 5f 12 00 00   ........,. ._...
01d0  01 00 2c 00 00 00 f6 ff ff ff 04 00 00 00 01 00   ..,.............
01e0  00 00 e4 03 00 00 00 00 00 00 56 00 50 11 00 00   ..........V.P...
01f0  04 00 02 c0 4e 5a 00 00 00 00 bc 13 00 00 00 00   ....NZ..........
0200  30 00 88 90 00 00 a2 ae 00 00 41 08 00 00 00 00   0.........A.....
0210  2f 00 46 88 02 00 42 c2 00 00 41 09 00 00 00 00   /.F...B...A.....
0220  2e 00 88 90 00 00 ad ad 00 00 41 08 00 00 00 00   ..........A.....
0230  2c 00 c2 4a 03 00 d9 04 01 00 51 09 00 00 00 00   ,..J......Q.....
0240  0e 00 24 11 00 00 30 60 cc cc 9c 1a 97 17 0c 00   ..$...0`........
0250  32 11 00 00 30 00 00 c0 02 00 0e 00 24 11 00 00   2...0.......$...
0260  30 60 cc cc 9c 1a 97 17 5a 00 37 11 00 00 04 00   0`......Z.7.....
0270  00 00 05 b0 01 11 04 69 f8 30 01 00 9e 1a 97 17   .......i.0......
0280  7e 00 ff ff ff ff 06 74 83 10 04 69 f8 30 01 00   ~......t...i.0..
0290  9c 1a 92 17 ff ff ff ff ff ff 0a 20 85 11 04 69   ........... ...i
02a0  f8 30 5d 00 8e 1a 96 17 24 02 ca 00 ff ff 0b 00   .0].....$.......
02b0  00 10 04 69 f8 30 64 0e 9c 1a 97 17 ff ff ff ff   ...i.0d.........
02c0  ff ff 0e 00 24 11 00 00 2e 00 cc cc 41 1a f5 17   ....$.......A...
02d0  0c 00 32 11 00 00 2e 00 00 c0 02 00 0e 00 24 11   ..2...........$.
02e0  00 00 2e 00 cc cc 41 1a f5 17 46 00 37 11 00 00   ......A...F.7...
02f0  03 00 00 00 0c fc 23 11 04 69 f8 30 01 00 40 1a   ......#..i.0..@.
0300  fc 17 c7 00 ff ff ff ff 0f f4 84 11 04 69 f8 30   .............i.0
0310  4c 00 4c 1a f1 17 d4 00 ff ff ff ff 11 00 00 10   L.L.............
0320  04 69 f8 30 f5 0e 35 1a f1 17 ff ff ff ff ff ff   .i.0..5.........
0330  0e 00                                             ..