blob: 1782ff544aabed7ae4004294fabad027992f9052 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
|
# TFTP - Trivial File Transfer Protocol - used for bootstrapping - RFC 1350
# Pattern attributes: marginal fast fast
# Protocol groups: document_retrieval ietf_internet_standard
# Wiki: http://www.protocolinfo.org/wiki/TFTP
# Copyright (C) 2008 Matthew Strait, Ethan Sommer; See ../LICENSE
#
# usually runs on port 69
#
# This pattern is unconfirmed.
tftp
# The first packet from the initiating host should either be a Read Request
# or a Write Request. In the other direction, it should be data packet with
# block number one or an ACK with block number zero. We only attempt to match
# the initiating host's packets, because the only identifying features of
# the responses to them are two byte sequences (which isn't specific enough).
# (\x01|\x02) = Read Request or Write Request
# [ -~]* = the file name
# the rest = netascii|octet|mail (case insensitivity done by the kernel)
^(\x01|\x02)[ -~]*(netascii|octet|mail)
|