This is a static archive of our old Q&A Site. Please post any new questions and answers at wildcard


I’ve been trying to get a filter to match a sequence that can appear at any offset but follows a pattern of two set values, a random value, and a final set value.

Tried the usual suspects like: contains a4:c3:$$:b2 contains a4:c3:??:b2 contains a4:c3:*:b2 contains a4:c3:[00-ff]:b2 contains a4:c3:[!00]:b2

Tried replacing contains with matches.

How would I go about doing this?

Thank you.

asked 15 Feb '15, 20:55

screenname123049234583's gravatar image

accept rate: 0%

edited 15 Feb '15, 20:59

One Answer:


contains is a plain string search. What you are looking for is matches (regular expressions):

I have not tested the following, but I think it should work. matches "a4:c3:..:b2"

However, if the data is binary, you'll have to escape the HEX representation matches "\xa4.\xc3...\xb2"

I did NOT escape ":" as I don't know if that's an ASCII char in your example, so I used '.' instead.


answered 16 Feb '15, 06:26

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
accept rate: 15%

edited 16 Feb '15, 06:28