**byte_jump** obtains data from the traffic, converts the data into an integer, and uses the integer as the offset of the next detection item matching.

Example:

```
flow: to_server; content:"|11 94 00 F5|"; byte_jump:4, 12, relative, align; byte_test:4, >, 900, 20, relative;
```

After **|11 94 00 F5|** is matched, 4 bytes after an offset of 12 bytes are obtained and then converted into value A, and A is used for 4-byte alignment to obtain A+. Then, 4 bytes are obtained after an offset of 20 bytes from the offset A+. These 4 bytes are converted into a numeric value and compared with 900.

Syntax format:

```
byte_jump:<bytes_to_convert>, <offset> [, relative][, multiplier <mult_value>][, <endian>][, string, <number_type>][, align][, from_beginning][, from_end][, post_offset <adjustment value>][, bitmask <bitmask_value>];
```

Parameter description

| Parameter                 | Description                                                     |
| -------------------- | ------------------------------------------------------------ |
| bytes\_to\_convert     | Number of bytes obtained from the data packet. If data in the string format is obtained, the value is less than or equal to 10 and greater than 0. If the data is an integer, the value is smaller than 4 and greater than 0. |
| offset               | Offset of the bytes that start to be processed in the content to be detected. The value ranges from -65535 to +65535. |
| relative             | Offset relative to the previous feature string matching.                           |
| big                  | Processes data in the network byte order (default).                               |
| little               | Processes data in the host byte order.                                       |
| string               | Sets the data in the data packet to be stored as a character string.                               |
| hex                  | Converts the character string data into a value in hexadecimal format.                             |
| dec                  | Converts the character string data into a value in decimal format.                                |
| oct                  | Converts the character string data into a value in octal format.                               |
| align                | During conversion, 4-byte alignment is performed. That is, the number of bytes to be converted is a multiple of 4. |
| from_beginning       | Calculates the offset from the beginning of the data packet.                                       |
| from_end             | Calculates the offset from the end of the data packet.                                       |
 | post_offset &#60;value&#62; | Moves the offset based on the value. If the value is negative, the offset is moved forward.                   |
| bitmask              | Converts the data into a mask.                                                   |

byte_jump Syntax Rules