farrokhi/wireshark-profile
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Initial import

Browse Source
This commit is contained in:
Babak Farrokhi
2016-10-20 14:41:11 +03:30
parent b343b3735a
commit 00e02281b3
8 changed files with 5257 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
dfilters Normal file
View File

@ -0,0 +1,16 @@
"Ethernet address 00:08:15:00:08:15" eth.addr == 00:08:15:00:08:15
"Ethernet type 0x0806 (ARP)" eth.type == 0x0806
"Ethernet broadcast" eth.addr == ff:ff:ff:ff:ff:ff
"No ARP" not arp
"IP only" ip
"IP address 192.168.0.1" ip.addr == 192.168.0.1
"IP address isn't 192.168.0.1, don't use != for this!" !(ip.addr == 192.168.0.1)
"IPX only" ipx
"TCP only" tcp
"UDP only" udp
"UDP port isn't 53 (not DNS), don't use != for this!" !(tcp.port == 53)
"TCP or UDP port is 80 (HTTP)" tcp.port == 80 || udp.port == 80
"HTTP" http
"No ARP and no DNS" not arp and !(udp.port == 53)
"Non-HTTP and non-SMTP to/from 192.168.0.1" not (tcp.port == 80) and not (tcp.port == 25) and ip.addr == 192.168.0.1
"T- Coloring Rules" frame.coloring_rule.name contains "T-"