Wireshark says the 59th byte of the IPsec packet is the proto version. How do I make a regex to prevent an IKEv1 connection?
RegEx is a mask that moves over a “text” and can be hooked to the end or the beginning, but not to a specific point in a “text”.
A dot is a single position, so ^… …v1 (55 dots in total) provides you the location of the 56th position. Or, if supported, ^.{56}v1
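
Added example, not part of the original posts: the anchored-offset pattern from the reply above, applied to raw bytes in Python with the version byte matched by value (0x10 for IKEv1, 0x20 for IKEv2). It assumes the matcher sees the UDP payload, where the IKE version byte sits at zero-based offset 17; the helper names and sample packets are constructed for illustration. It also shows that "." does not match 0x0a unless the engine runs in dot-all mode.

```python
import re
import struct

# ISAKMP/IKE header: 8-byte initiator SPI, 8-byte responder SPI,
# 1-byte next payload, then the version byte (major in the high nibble).
IKE_VERSION_OFFSET = 17
IKEV1, IKEV2 = 0x10, 0x20

def version_regex(offset, version_byte, dotall=True):
    """Anchored byte pattern: skip `offset` bytes, then require `version_byte`."""
    flags = re.DOTALL if dotall else 0
    return re.compile(b"^.{%d}" % offset + re.escape(bytes([version_byte])), flags)

def ike_header(major, init_spi, resp_spi=b"\x00" * 8):
    """Constructed 28-byte IKE header (sample data, not a capture)."""
    # next payload, version, exchange type, flags, message id, length
    fixed = struct.pack("!BBBBII", 1, major << 4, 2, 0, 0, 28)
    return init_spi + resp_spi + fixed

def is_ikev1(udp_payload, dotall=True):
    """True when the byte at offset 17 of the UDP payload is 0x10."""
    return version_regex(IKE_VERSION_OFFSET, IKEV1, dotall).match(udp_payload) is not None

def demo():
    plain_spi = b"\x11" * 8
    newline_spi = b"\x0a" + b"\x11" * 7   # constructed SPI containing 0x0a
    # Placeholder for untagged Ethernet (14) + IPv4 without options (20) + UDP (8):
    # in such a frame the version byte lands at zero-based offset 42 + 17 = 59.
    frame = b"\x00" * 42 + ike_header(1, plain_spi)
    return {
        "ikev1": is_ikev1(ike_header(1, plain_spi)),
        "ikev2": is_ikev1(ike_header(2, plain_spi)),
        # Without DOTALL "." refuses 0x0a, so this IKEv1 packet slips past the filter.
        "newline_no_dotall": is_ikev1(ike_header(1, newline_spi), dotall=False),
        "newline_dotall": is_ikev1(ike_header(1, newline_spi), dotall=True),
        "full_frame": version_regex(59, IKEV1).match(frame) is not None,
    }

if __name__ == "__main__":
    for name, matched in demo().items():
        print(f"{name}: {matched}")
```

On UDP 4500 (NAT-T) IKE messages are preceded by a 4-byte non-ESP marker, so the version byte is at payload offset 21 there.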