Snort mailing list archives

snort rule byte_test operator problem


From: Jasmine Chua <babymagic_89 () yahoo com>
Date: Tue, 15 May 2007 09:57:32 -0700 (PDT)

Dear Snort users,

I have been trying to figure out the Snort rule option "byte_test".
http://www.snort.org/docs/snort_htmanuals/htmanual_261/node203.html

For instance, we have 

byte_test:4,>,128,relative;

that will grab 4 bytes, which happen to be "00 00 0F FF".

So, in this case, how do I manually calculate to check
whether the above 4 bytes are actually > 128 or not?
The problem is that I do not know what the value 128
represents. Is it in decimal?

Sorry if my question sounds stupid; I really can't
help it.

Thanks in advance,
-JC 
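
A worked check of the case asked about above, added here as an example and not part of the original post or of Snort's own code: a simplified Python model of byte_test for binary data, with big-endian as the default byte order and the comparison value read as decimal. The offset field (0), which the quoted rule omits, the function names and the two leading payload bytes are assumptions.

```python
import operator

# Simplified model: binary data only, four comparison operators.
OPS = {"<": operator.lt, ">": operator.gt, "=": operator.eq, "!": operator.ne}

def parse_byte_test(option):
    """Split 'bytes,operator,value,offset[,relative][,big|little]' into a dict."""
    fields = [f.strip() for f in option.rstrip(";").split(",")]
    if len(fields) < 4:
        raise ValueError("expected at least bytes,operator,value,offset")
    nbytes, op, value, offset = fields[:4]
    if op not in OPS:
        raise ValueError("unsupported operator: %r" % op)
    mods = set(fields[4:])
    unknown = mods - {"relative", "big", "little"}
    if unknown:
        raise ValueError("unsupported modifiers: %s" % sorted(unknown))
    return {
        "nbytes": int(nbytes),
        "op": op,
        "value": int(value),          # "128" is read as decimal 128
        "offset": int(offset),
        "relative": "relative" in mods,
        "endian": "little" if "little" in mods else "big",
    }

def byte_test(option, payload, cursor=0):
    """Return (converted_value, matched).

    cursor is the position just after the previous pattern match; it is
    only used when the option carries the 'relative' modifier.
    """
    t = parse_byte_test(option)
    start = t["offset"] + (cursor if t["relative"] else 0)
    chunk = payload[start:start + t["nbytes"]] if start >= 0 else b""
    if len(chunk) != t["nbytes"]:
        return None, False            # not enough data: the test cannot match
    converted = int.from_bytes(chunk, t["endian"])
    return converted, OPS[t["op"]](converted, t["value"])

# Constructed payload: 2 bytes of earlier data, then the 4 bytes from the post.
PAYLOAD = bytes.fromhex("AABB" "00000FFF")

if __name__ == "__main__":
    print(byte_test("4,>,128,0,relative", PAYLOAD, cursor=2))         # big-endian
    print(byte_test("4,>,128,0,relative,little", PAYLOAD, cursor=2))  # little-endian
    print(byte_test("4,<,128,0,relative", PAYLOAD, cursor=2))
```

Read big-endian, 00 00 0F FF is 0x00000FFF = 4095 decimal, which is greater than 128, so the test matches.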






       