Format

    byte_extract:<bytes_to_extract>, <offset>, <name> \
        [, relative][, multiplier <multiplier value>][, <endian>]\ 
        [, string][, hex][, dec][, oct][, align <align value>][, dce]

Option	Description
bytes_to_convert	Number of bytes to pick up from the packet
offset	Number of bytes into the payload to start processing
name	Name of the variable. This will be used to reference the variable in other rule options.
relative	Use an offset relative to last pattern match
multiplier $<$value$>$	Multiply the bytes read from the packet by $<$value$>$ and save that number into the variable.
big	Process data as big endian (default)
little	Process data as little endian
dce	Use the DCE/RPC 2 preprocessor to determine the byte-ordering. The DCE/RPC 2 preprocessor must be enabled for this option to work.
string	Data is stored in string format in packet
hex	Converted string data is represented in hexadecimal
dec	Converted string data is represented in decimal
oct	Converted string data is represented in octal
align $<$value$>$	Round the number of converted bytes up to the next $<$value$>$-byte boundary. $<$value$>$ may be 2 or 4.