Good day. I know the answer might be simple, but I cannot find the correct approach. I have an application which is identified as unknown-TCP, and I have created a pattern for it with a few conditions. Now I have discovered that some devices behave in a different way and my pattern order does not match, so I am thinking of identifying the app based on the first string in ASCII format. For instance, I have the following string in the pcap: My Agent 2.43 pour MSWIN32. If I create such a pattern as unknown-rsp-tcp-payload, it works. But I would like to avoid issues in case of other versions of the application, but when I use the new pattern: My Agent \d\.[\d]{0,}\s pour MSWin32 it fails to apply. If I convert everything to HEX, I am afraid of being dependent on the version number... I am new to regex and would like to understand how to create these custom app-ids, so please help.