jonathan_239725
Nov 21, 2016Nimbostratus
Detect regexp pattern in tcp payload
I was hoping someone could help me out on the proper syntax and approach to using either matches_regex or regexp to match a string pattern in a tcp payload. Basically I am trying to detect if within a payload there is a string comprised of 8-16 characters that can be either upper lower case or numeric, no spaces or returns. I have tried the following but have had no success:
when CLIENT_ACCEPTED {
TCP::collect
}
when CLIENT_DATA {
set payload [TCP::payload]
if { [regexp {[a-zA-Z0-9] {8,16}} $payload] } {
log local0. "Got a match!"
}
}
My regex isn't strong so I don't know if that's where I'm messing up or if my syntax/approach to this iRule is wrong. I haven't found the matches_regex or regexp documentation to be all too helpful so hoping the dev community can help out!