Initial import

colorfilters

@@ -0,0 +1,27 @@
+# DO NOT EDIT THIS FILE!  It was created by Wireshark
+@T-Small Window Sizes (<1320)@tcp.window_size < 1320 && tcp.window_size > 0@[65535,42405,0][0,0,0]
+@T-Large Time Delay (>2 seconds)@frame.time_delta_displayed > 2.0@[65535,42405,0][0,0,0]
+@T-DNS Error Responses@!dns.flags.rcode == 0 && dns.flags.response == 1@[42542,28989,4143][0,0,0]
+@T-HTTP Error Response (>399)@http.response.code > 399@[65535,42405,0][0,0,0]
+@N-Window Update@expert.message == "Window update"@[0,25700,0][65535,65535,65535]
+@I-SYN Packet@tcp.flags.syn == 1@[51530,2378,2378][65535,65535,65535]
+@Bad TCP@tcp.analysis.flags@[0,0,0][65535,24383,24383]
+@N-TCP Header > 20@tcp.hdr_len > 20@[0,25700,0][65535,65535,65535]
+@HSRP State Change@hsrp.state != 8 && hsrp.state != 16@[0,0,0][65535,63222,0]
+@Spanning Tree Topology  Change@stp.type == 0x80@[0,0,0][65535,63222,0]
+@OSPF State Change@ospf.msg != 1@[0,0,0][65535,63222,0]
+@ICMP errors@icmp.type eq 3 || icmp.type eq 4 || icmp.type eq 5 || icmp.type eq 11 || icmpv6.type eq 1 || icmpv6.type eq 2 || icmpv6.type eq 3 || icmpv6.type eq 4@[0,0,0][0,65535,3616]
+@ARP@arp@[55011,59486,65534][0,0,0]
+@ICMP@icmp || icmpv6@[49680,49737,65535][0,0,0]
+@TCP RST@tcp.flags.reset eq 1@[37008,0,0][65535,63121,32911]
+@TTL low or unexpected@( ! ip.dst == 224.0.0.0/4 && ip.ttl < 5 && !pim) || (ip.dst == 224.0.0.0/24 && ip.ttl != 1)@[37008,0,0][65535,65535,65535]
+!@Checksum Errors@cdp.checksum_bad==1 || edp.checksum_bad==1 || ip.checksum_bad==1 || tcp.checksum_bad==1 || udp.checksum_bad==1 || mstp.checksum_bad==1@[0,0,0][65535,24383,24383]
+@SMB@smb || nbss || nbns || nbipx || ipxsap || netbios@[65534,64008,39339][0,0,0]
+@HTTP@http || tcp.port == 80@[36107,65535,32590][0,0,0]
+@IPX@ipx || spx@[65534,58325,58808][0,0,0]
+@DCERPC@dcerpc@[51199,38706,65533][0,0,0]
+@Routing@hsrp || eigrp || ospf || bgp || cdp || vrrp || gvrp || igmp || ismp@[65534,62325,54808][0,0,0]
+@TCP SYN/FIN@tcp.flags & 0x02 || tcp.flags.fin == 1@[41026,41026,41026][0,0,0]
+@TCP@tcp@[59345,58980,65534][0,0,0]
+@UDP@udp@[28834,57427,65533][0,0,0]
+@Broadcast@eth[0] & 1@[65535,65535,65535][32768,32768,32768]

decode_as_entries

@@ -0,0 +1,6 @@
+# "Decode As" entries file for Wireshark 1.99.5.
+#
+# This file is regenerated each time "Decode As" preferences
+# are saved within Wireshark. Making manual changes should be safe,
+# however.
+decode_as_entry: tcp.port,6001,X11,DIAMETER

dfilters

@@ -0,0 +1,16 @@
+"Ethernet address 00:08:15:00:08:15" eth.addr == 00:08:15:00:08:15
+"Ethernet type 0x0806 (ARP)" eth.type == 0x0806
+"Ethernet broadcast" eth.addr == ff:ff:ff:ff:ff:ff
+"No ARP" not arp
+"IP only" ip
+"IP address 192.168.0.1" ip.addr == 192.168.0.1
+"IP address isn't 192.168.0.1, don't use != for this!" !(ip.addr == 192.168.0.1)
+"IPX only" ipx
+"TCP only" tcp
+"UDP only" udp
+"UDP port isn't 53 (not DNS), don't use != for this!" !(tcp.port == 53)
+"TCP or UDP port is 80 (HTTP)" tcp.port == 80 || udp.port == 80
+"HTTP" http
+"No ARP and no DNS" not arp and !(udp.port == 53)
+"Non-HTTP and non-SMTP to/from 192.168.0.1" not (tcp.port == 80) and not (tcp.port == 25) and ip.addr == 192.168.0.1
+"T- Coloring Rules" frame.coloring_rule.name contains "T-"

disabled_protos

@@ -0,0 +1,4 @@
+esl
+hilscher
+lanforge
+prp

io_graphs

@@ -0,0 +1 @@
+# This file is automatically generated, DO NOT MODIFY.

recent

@@ -0,0 +1,85 @@
+# Recent settings file for Wireshark 2.3.0-1116-g1d35c7f.
+#
+# This file is regenerated each time Wireshark is quit
+# and when changing configuration profile.
+# So be careful, if you want to make manual changes here.
+
+
+# Main Toolbar show (hide).
+# TRUE or FALSE (case-insensitive).
+gui.toolbar_main_show: TRUE
+
+# Filter Toolbar show (hide).
+# TRUE or FALSE (case-insensitive).
+gui.filter_toolbar_show: TRUE
+
+# Wireless Settings Toolbar show (hide).
+# TRUE or FALSE (case-insensitive).
+gui.wireless_toolbar_show: FALSE
+
+# Packet list show (hide).
+# TRUE or FALSE (case-insensitive).
+gui.packet_list_show: TRUE
+
+# Tree view show (hide).
+# TRUE or FALSE (case-insensitive).
+gui.tree_view_show: TRUE
+
+# Byte view show (hide).
+# TRUE or FALSE (case-insensitive).
+gui.byte_view_show: TRUE
+
+# Statusbar show (hide).
+# TRUE or FALSE (case-insensitive).
+gui.statusbar_show: TRUE
+
+# Packet list colorize (hide).
+# TRUE or FALSE (case-insensitive).
+gui.packet_list_colorize: TRUE
+
+# Timestamp display format.
+# One of: RELATIVE, ABSOLUTE, ABSOLUTE_WITH_YMD, ABSOLUTE_WITH_YDOY, ABSOLUTE_WITH_DATE, DELTA, DELTA_DIS, EPOCH, UTC, UTC_WITH_YMD, UTC_WITH_YDOY, UTC_WITH_DATE
+gui.time_format: DELTA_DIS
+
+# Timestamp display precision.
+# One of: AUTO, SEC, DSEC, CSEC, MSEC, USEC, NSEC
+gui.time_precision: AUTO
+
+# Seconds display format.
+# One of: SECONDS, HOUR_MIN_SEC
+gui.seconds_format: SECONDS
+
+# Zoom level.
+# A decimal number.
+gui.zoom_level: 0
+
+# Bytes view.
+# A decimal number.
+gui.bytes_view: 0
+
+# Main window upper (or leftmost) pane size.
+# Decimal number.
+gui.geometry_main_upper_pane: 429
+
+# Main window middle pane size.
+# Decimal number.
+gui.geometry_main_lower_pane: 474
+
+# Packet list column pixel widths.
+# Each pair of strings consists of a column format and its pixel width.
+column.width: %m, 78, %t, 95, %Cus:tcp.time_delta, 100, %s, 120, %d, 120, %p, 91, %Cus:tcp.window_size, 83, %Cus:tcp.options.mss_val, 100, %Cus:ip.len, 87, %Cus:ip.ttl, 82, %Cus:ip.hdr_len, 100, %i, 908
+
+# Open conversation dialog tabs.
+# List of conversation names, e.g. "TCP", "IPv6".
+gui.conversation_tabs: 
+	""
+
+# Open endpoint dialog tabs.
+# List of endpoint names, e.g. "TCP", "IPv6".
+gui.endpoint_tabs: 
+	""
+
+# For RLC stats, whether to use RLC PDUs found inside MAC frames.
+# TRUE or FALSE (case-insensitive).
+gui.rlc_pdus_from_mac_frames: FALSE
+

ssl_keys

@@ -0,0 +1 @@
+# This file is automatically generated, DO NOT MODIFY.