Initial import
parent
b343b3735a
commit
00e02281b3
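--- /dev/null
+++ b/colorfilters
@@ -0,0 +1,27 @@
+# DO NOT EDIT THIS FILE! It was created by Wireshark
+@T-Small Window Sizes (<1320)@tcp.window_size < 1320 && tcp.window_size > 0@[65535,42405,0][0,0,0]
+@T-Large Time Delay (>2 seconds)@frame.time_delta_displayed > 2.0@[65535,42405,0][0,0,0]
+@T-DNS Error Responses@!dns.flags.rcode == 0 && dns.flags.response == 1@[42542,28989,4143][0,0,0]
+@T-HTTP Error Response (>399)@http.response.code > 399@[65535,42405,0][0,0,0]
+@N-Window Update@expert.message == "Window update"@[0,25700,0][65535,65535,65535]
+@I-SYN Packet@tcp.flags.syn == 1@[51530,2378,2378][65535,65535,65535]
+@Bad TCP@tcp.analysis.flags@[0,0,0][65535,24383,24383]
+@N-TCP Header > 20@tcp.hdr_len > 20@[0,25700,0][65535,65535,65535]
+@HSRP State Change@hsrp.state != 8 && hsrp.state != 16@[0,0,0][65535,63222,0]
+@Spanning Tree Topology Change@stp.type == 0x80@[0,0,0][65535,63222,0]
+@OSPF State Change@ospf.msg != 1@[0,0,0][65535,63222,0]
+@ICMP errors@icmp.type eq 3 || icmp.type eq 4 || icmp.type eq 5 || icmp.type eq 11 || icmpv6.type eq 1 || icmpv6.type eq 2 || icmpv6.type eq 3 || icmpv6.type eq 4@[0,0,0][0,65535,3616]
+@ARP@arp@[55011,59486,65534][0,0,0]
+@ICMP@icmp || icmpv6@[49680,49737,65535][0,0,0]
+@TCP RST@tcp.flags.reset eq 1@[37008,0,0][65535,63121,32911]
+@TTL low or unexpected@( ! ip.dst == 224.0.0.0/4 && ip.ttl < 5 && !pim) || (ip.dst == 224.0.0.0/24 && ip.ttl != 1)@[37008,0,0][65535,65535,65535]
+!@Checksum Errors@cdp.checksum_bad==1 || edp.checksum_bad==1 || ip.checksum_bad==1 || tcp.checksum_bad==1 || udp.checksum_bad==1 || mstp.checksum_bad==1@[0,0,0][65535,24383,24383]
+@SMB@smb || nbss || nbns || nbipx || ipxsap || netbios@[65534,64008,39339][0,0,0]
+@HTTP@http || tcp.port == 80@[36107,65535,32590][0,0,0]
+@IPX@ipx || spx@[65534,58325,58808][0,0,0]
+@DCERPC@dcerpc@[51199,38706,65533][0,0,0]
+@Routing@hsrp || eigrp || ospf || bgp || cdp || vrrp || gvrp || igmp || ismp@[65534,62325,54808][0,0,0]
+@TCP SYN/FIN@tcp.flags & 0x02 || tcp.flags.fin == 1@[41026,41026,41026][0,0,0]
+@TCP@tcp@[59345,58980,65534][0,0,0]
+@UDP@udp@[28834,57427,65533][0,0,0]
+@Broadcast@eth[0] & 1@[65535,65535,65535][32768,32768,32768]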
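Review bot: The disabled "Checksum Errors" rule is built on the `*.checksum_bad` fields, which as far as I know were replaced by `*.checksum.status` from Wireshark 2.2 onward, while the `recent` file in this same commit names Wireshark 2.3.0. If that is the version the profile targets, re-enabling the rule would fail to compile rather than highlight corrupted packets. Either drop it or rewrite it in the newer form, e.g. `ip.checksum.status == "Bad" || tcp.checksum.status == "Bad" || udp.checksum.status == "Bad"`. Separately, colouring rules are first-match, so `I-SYN Packet` sitting above `Bad TCP` means retransmitted SYNs get the SYN colour and lose the Bad TCP highlight; worth stating in the commit description if that is intended.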
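--- /dev/null
+++ b/decode_as_entries
@@ -0,0 +1,6 @@
+# "Decode As" entries file for Wireshark 1.99.5.
+#
+# This file is regenerated each time "Decode As" preferences
+# are saved within Wireshark. Making manual changes should be safe,
+# however.
+decode_as_entry: tcp.port,6001,X11,DIAMETER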
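Review bot: The single entry `decode_as_entry: tcp.port,6001,X11,DIAMETER` forces every TCP stream on port 6001 to be dissected as DIAMETER instead of the default X11 for any capture opened with this profile, and nothing in the commit records which environment that assumption comes from. On captures from other networks, X11 traffic on that port would be mis-decoded and easy to overlook during analysis. Because Wireshark regenerates this file, the reason belongs in the commit description or a README next to the profile, e.g. "site-specific: Diameter peers listen on tcp/6001; remove for general use".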
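--- /dev/null
+++ b/dfilters
@@ -0,0 +1,16 @@
+"Ethernet address 00:08:15:00:08:15" eth.addr == 00:08:15:00:08:15
+"Ethernet type 0x0806 (ARP)" eth.type == 0x0806
+"Ethernet broadcast" eth.addr == ff:ff:ff:ff:ff:ff
+"No ARP" not arp
+"IP only" ip
+"IP address 192.168.0.1" ip.addr == 192.168.0.1
+"IP address isn't 192.168.0.1, don't use != for this!" !(ip.addr == 192.168.0.1)
+"IPX only" ipx
+"TCP only" tcp
+"UDP only" udp
+"UDP port isn't 53 (not DNS), don't use != for this!" !(tcp.port == 53)
+"TCP or UDP port is 80 (HTTP)" tcp.port == 80 || udp.port == 80
+"HTTP" http
+"No ARP and no DNS" not arp and !(udp.port == 53)
+"Non-HTTP and non-SMTP to/from 192.168.0.1" not (tcp.port == 80) and not (tcp.port == 25) and ip.addr == 192.168.0.1
+"T- Coloring Rules" frame.coloring_rule.name contains "T-"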
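Review bot: The entry labelled "UDP port isn't 53 (not DNS), don't use != for this!" tests `tcp.port`, not `udp.port`, so applying it leaves DNS over UDP in view and hides only TCP/53 traffic. The expression should match its label: `!(udp.port == 53)`. The later "No ARP and no DNS" entry does use `udp.port` but does not cover DNS over TCP (zone transfers, large responses). If the intent there is to exclude all DNS, `not arp and !(udp.port == 53 || tcp.port == 53)` is the complete form.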
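--- /dev/null
+++ b/disabled_protos
@@ -0,0 +1,4 @@
+esl
+hilscher
+lanforge
+prp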
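--- /dev/null
+++ b/io_graphs
@@ -0,0 +1 @@
+# This file is automatically generated, DO NOT MODIFY.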
5117
preferences
Normal file
5117
preferences
Normal file
File diff suppressed because it is too large
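--- /dev/null
+++ b/recent
@@ -0,0 +1,85 @@
+# Recent settings file for Wireshark 2.3.0-1116-g1d35c7f.
+#
+# This file is regenerated each time Wireshark is quit
+# and when changing configuration profile.
+# So be careful, if you want to make manual changes here.
+
+
+# Main Toolbar show (hide).
+# TRUE or FALSE (case-insensitive).
+gui.toolbar_main_show: TRUE
+
+# Filter Toolbar show (hide).
+# TRUE or FALSE (case-insensitive).
+gui.filter_toolbar_show: TRUE
+
+# Wireless Settings Toolbar show (hide).
+# TRUE or FALSE (case-insensitive).
+gui.wireless_toolbar_show: FALSE
+
+# Packet list show (hide).
+# TRUE or FALSE (case-insensitive).
+gui.packet_list_show: TRUE
+
+# Tree view show (hide).
+# TRUE or FALSE (case-insensitive).
+gui.tree_view_show: TRUE
+
+# Byte view show (hide).
+# TRUE or FALSE (case-insensitive).
+gui.byte_view_show: TRUE
+
+# Statusbar show (hide).
+# TRUE or FALSE (case-insensitive).
+gui.statusbar_show: TRUE
+
+# Packet list colorize (hide).
+# TRUE or FALSE (case-insensitive).
+gui.packet_list_colorize: TRUE
+
+# Timestamp display format.
+# One of: RELATIVE, ABSOLUTE, ABSOLUTE_WITH_YMD, ABSOLUTE_WITH_YDOY, ABSOLUTE_WITH_DATE, DELTA, DELTA_DIS, EPOCH, UTC, UTC_WITH_YMD, UTC_WITH_YDOY, UTC_WITH_DATE
+gui.time_format: DELTA_DIS
+
+# Timestamp display precision.
+# One of: AUTO, SEC, DSEC, CSEC, MSEC, USEC, NSEC
+gui.time_precision: AUTO
+
+# Seconds display format.
+# One of: SECONDS, HOUR_MIN_SEC
+gui.seconds_format: SECONDS
+
+# Zoom level.
+# A decimal number.
+gui.zoom_level: 0
+
+# Bytes view.
+# A decimal number.
+gui.bytes_view: 0
+
+# Main window upper (or leftmost) pane size.
+# Decimal number.
+gui.geometry_main_upper_pane: 429
+
+# Main window middle pane size.
+# Decimal number.
+gui.geometry_main_lower_pane: 474
+
+# Packet list column pixel widths.
+# Each pair of strings consists of a column format and its pixel width.
+column.width: %m, 78, %t, 95, %Cus:tcp.time_delta, 100, %s, 120, %d, 120, %p, 91, %Cus:tcp.window_size, 83, %Cus:tcp.options.mss_val, 100, %Cus:ip.len, 87, %Cus:ip.ttl, 82, %Cus:ip.hdr_len, 100, %i, 908
+
+# Open conversation dialog tabs.
+# List of conversation names, e.g. "TCP", "IPv6".
+gui.conversation_tabs:
+""
+
+# Open endpoint dialog tabs.
+# List of endpoint names, e.g. "TCP", "IPv6".
+gui.endpoint_tabs:
+""
+
+# For RLC stats, whether to use RLC PDUs found inside MAC frames.
+# TRUE or FALSE (case-insensitive).
+gui.rlc_pdus_from_mac_frames: FALSE
+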