Diffstat (limited to 'dfilters')
-rw-r--r--dfilters15
1 files changed, 15 insertions, 0 deletions
diff --git a/dfilters b/dfilters
new file mode 100644
index 0000000000..3930f8d4c3
--- /dev/null
+++ b/dfilters
@@ -0,0 +1,15 @@
+"Ethernet address 00:08:15:00:08:15" eth.addr == 00:08:15:00:08:15
+"Ethernet type 0x0806 (ARP)" eth.type == 0x0806
+"Ethernet broadcast" eth.addr == ff:ff:ff:ff:ff:ff
+"No ARP" not arp
+"IP only" ip
+"IP address 192.168.0.1" ip.addr == 192.168.0.1
+"IP address isn't 192.168.0.1, don't use != for this!" !(ip.addr == 192.168.0.1)
+"IPX only" ipx
+"TCP only" tcp
+"UDP only" udp
+"UDP port isn't 53 (not DNS), don't use != for this!" !(tcp.port == 53)
+"TCP or UDP port is 80 (HTTP)" tcp.port == 80 || udp.port == 80
+"HTTP" http
+"No ARP and no DNS" not arp and !(udp.port == 53)
+"Non-HTTP and non-SMTP to/from 192.168.0.1" not (tcp.port == 80) and not (tcp.port == 25) and ip.addr == 192.168.0.1
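Review bot: The entry labelled "UDP port isn't 53 (not DNS), don't use != for this!" tests `tcp.port`, not `udp.port`, so selecting it hides TCP/53 and leaves ordinary UDP DNS on screen; to match its label the expression should be `!(udp.port == 53)`. An analyst who trusts the label would believe DNS is excluded from the view when it is not, and would lose any TCP/53 traffic without noticing. The "(not DNS)" wording is also only approximately true for a UDP-only test, since DNS can run over TCP as well; if the intent is "no DNS", `!(udp.port == 53 || tcp.port == 53)` is closer. The same applies to the "No ARP and no DNS" entry, which checks `udp.port` only. It would also help to state in the commit description what the two "don't use != for this!" labels mean: `ip.addr` and `tcp.port` match either direction, so `!=` is true whenever one of the two values differs.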