The byte_extract keyword is another useful option for writing rules against length-encoded protocols. It reads in some number of bytes from the packet payload and saves it to a variable. These variables can be referenced later in the rule, instead of using hard-coded values.
Only two byte_extract variables may be created per rule. They can be
re-used in the same rule any number of times.
Note: