geedge-jira/md/OMPUB-829.md

# 信息港5楼测试环境，使用自定义特征udp.payload.s2c_first_data的原始数据加偏移时，命中的包中存在误报

| ID | Creation Date | Assignee | Status |
|----|----------------|----------|--------|
| OMPUB-829 | 2023-03-01T13:30:31.000+0800 | 刘学利 | 已解决 |


---

使用自定义特征udp.payload.s2c_first_data的原始数据加偏移时，命中的包中存在误报，在命中的数据包中01000000特征从1字节开始也命中了特征。**liuxueli** commented on *2023-03-11T14:53:10.659+0800*:

* offset+depth就是个闭区间，[0,4]包含了前5个字节，所以能命中特征，将depth改为3可避免不符合特征的payload命中。


---

**daikaiqiang** commented on *2023-03-13T11:23:36.995+0800*:

* 已修改特征中depth数值为3，目前在信息港5楼测试环境进行测试并捕包


---


# Attachments

Attachment: 192.168.54.82.62936-220.181.111.133.4040_290704313442413406.pcapng

[192.168.54.82.62936-220.181.111.133.4040_290704313442413406.pcapng](https://gfwleak.exec.li/admin/geedge-jira/raw/branch/master/attachment/35632/192.168.54.82.62936-220.181.111.133.4040_290704313442413406.pcapng)


Attachment: wireguard_202302260848019.json

[wireguard_202302260848019.json](https://gfwleak.exec.li/admin/geedge-jira/raw/branch/master/attachment/35629/wireguard_202302260848019.json)


Attachment: 微信图片_20230301115455.png

![微信图片_20230301115455.png](https://gfwleak.exec.li/admin/geedge-jira/raw/branch/master/attachment/35631/微信图片_20230301115455.png)


Attachment: 微信图片_20230301115502.png

![微信图片_20230301115502.png](https://gfwleak.exec.li/admin/geedge-jira/raw/branch/master/attachment/35630/微信图片_20230301115502.png)
-												first

											
										
										
											2025-09-14 21:52:36 +00:00
+								# 信息港5楼测试环境，使用自定义特征udp.payload.s2c_first_data的原始数据加偏移时，命中的包中存在误报
 								| ID | Creation Date | Assignee | Status |
 								|----|----------------|----------|--------|
 								| OMPUB-829 | 2023-03-01T13:30:31.000+0800 | 刘学利 | 已解决 |
 								---
 								使用自定义特征udp.payload.s2c_first_data的原始数据加偏移时，命中的包中存在误报，在命中的数据包中01000000特征从1字节开始也命中了特征。**liuxueli** commented on *2023-03-11T14:53:10.659+0800*:
 								* offset+depth就是个闭区间，[0,4]包含了前5个字节，所以能命中特征，将depth改为3可避免不符合特征的payload命中。
 								---
 								**daikaiqiang** commented on *2023-03-13T11:23:36.995+0800*:
 								* 已修改特征中depth数值为3，目前在信息港5楼测试环境进行测试并捕包
 								---
-												attachment link

											
										
										
											2025-09-14 22:26:17 +00:00
+								# Attachments
-												first

											
										
										
											2025-09-14 21:52:36 +00:00
-												attachment link

											
										
										
											2025-09-14 22:26:17 +00:00
+								Attachment: 192.168.54.82.62936-220.181.111.133.4040_290704313442413406.pcapng
-												attachment link

											
										
										
											2025-09-14 22:27:11 +00:00
-												attachment link

											
										
										
											2025-09-14 22:26:17 +00:00
+								[192.168.54.82.62936-220.181.111.133.4040_290704313442413406.pcapng](https://gfwleak.exec.li/admin/geedge-jira/raw/branch/master/attachment/35632/192.168.54.82.62936-220.181.111.133.4040_290704313442413406.pcapng)
-												first

											
										
										
											2025-09-14 21:52:36 +00:00
-												attachment link

											
										
										
											2025-09-14 22:26:17 +00:00
+								Attachment: wireguard_202302260848019.json
-												attachment link

											
										
										
											2025-09-14 22:27:11 +00:00
-												attachment link

											
										
										
											2025-09-14 22:26:17 +00:00
+								[wireguard_202302260848019.json](https://gfwleak.exec.li/admin/geedge-jira/raw/branch/master/attachment/35629/wireguard_202302260848019.json)
-												first

											
										
										
											2025-09-14 21:52:36 +00:00
-												attachment link

											
										
										
											2025-09-14 22:26:17 +00:00
+								Attachment: 微信图片_20230301115455.png
-												attachment link

											
										
										
											2025-09-14 22:27:11 +00:00
-												attachment link

											
										
										
											2025-09-14 22:26:17 +00:00
+								![微信图片_20230301115455.png](https://gfwleak.exec.li/admin/geedge-jira/raw/branch/master/attachment/35631/微信图片_20230301115455.png)
 								Attachment: 微信图片_20230301115502.png
-												attachment link

											
										
										
											2025-09-14 22:27:11 +00:00
-												attachment link

											
										
										
											2025-09-14 22:26:17 +00:00
+								![微信图片_20230301115502.png](https://gfwleak.exec.li/admin/geedge-jira/raw/branch/master/attachment/35630/微信图片_20230301115502.png)
-												first

											
										
										
											2025-09-14 21:52:36 +00:00