I’ve been trying to get a filter to match a sequence that can appear at any offset but follows a pattern of two set values, a random value, and a final set value.

Tried the usual suspects like: contains a4:c3:$$:b2 contains a4:c3:??:b2 contains a4:c3:*:b2 contains a4:c3:[00-ff]:b2 contains a4:c3:[!00]:b2

Tried replacing contains with matches.

How would I go about doing this?

Thank you.

contains is a plain string search. What you are looking for is matches (regular expressions):

I have not tested the following, but I think it should work. matches "a4:c3:..:b2"

However, if the data is binary, you'll have to escape the HEX representation matches "\xa4.\xc3...\xb2"

I did NOT escape ":" as I don't know if that's an ASCII char in your example, so I used '.' instead.


