path: root/colorfilters
blob: b98b74ceb27cb04237f7de275e9bb258776812cb (plain)
# DO NOT EDIT THIS FILE!  It was created by Wireshark
#
# Each rule line has the form
#   @name@display filter@[background R,G,B][foreground R,G,B]
# with 16-bit colour channels (0-65535).
# Rules are tried from the top and the first one that matches colours the
# packet, so the anomaly rules here take precedence over the per-protocol
# rules further down.
#
# Any packet carrying a TCP analysis flag, other than a window update.
@Bad TCP@tcp.analysis.flags && !tcp.analysis.window_update@[0,0,0][65535,24383,24383]
# HSRP states 8 and 16 are Standby and Active; every other state is highlighted.
@HSRP State Change@hsrp.state != 8 && hsrp.state != 16@[0,0,0][65535,63222,0]
# BPDU type 0x80 is a Topology Change Notification.
@Spanning Tree Topology  Change@stp.type == 0x80@[0,0,0][65535,63222,0]
# OSPF message type 1 is Hello, so every non-Hello OSPF packet is highlighted.
@OSPF State Change@ospf.msg != 1@[0,0,0][65535,63222,0]
# ICMP types 3/4/5/11: destination unreachable, source quench, redirect,
# time exceeded.  ICMPv6 types 1-4: destination unreachable, packet too big,
# time exceeded, parameter problem.
@ICMP errors@icmp.type eq 3 || icmp.type eq 4 || icmp.type eq 5 || icmp.type eq 11 || icmpv6.type eq 1 || icmpv6.type eq 2 || icmpv6.type eq 3 || icmpv6.type eq 4@[0,0,0][0,65535,3616]
@ARP@arp@[55011,59486,65534][0,0,0]
@ICMP@icmp || icmpv6@[49680,49737,65535][0,0,0]
@TCP RST@tcp.flags.reset eq 1@[37008,0,0][65535,63121,32911]
@SCTP ABORT@sctp.chunk_type eq ABORT@[37008,0,0][65535,63121,32911]
# Non-multicast destination (outside 224.0.0.0/4, and not PIM) with a TTL
# below 5, or a 224.0.0.0/24 destination whose TTL is not 1.
@TTL low or unexpected@( ! ip.dst == 224.0.0.0/4 && ip.ttl < 5 && !pim) || (ip.dst == 224.0.0.0/24 && ip.ttl != 1)@[37008,0,0][65535,65535,65535]
# NOTE(review): on a capture taken on the sending host with checksum offload
# enabled, outgoing packets commonly show as bad here; confirm with an
# off-host capture before reading a hit as corruption or tampering.
@Checksum Errors@eth.fcs_bad==1 || ip.checksum_bad==1 || tcp.checksum_bad==1 || udp.checksum_bad==1 || sctp.checksum_bad==1 || mstp.checksum_bad==1 || cdp.checksum_bad==1 || edp.checksum_bad==1@[0,0,0][65535,24383,24383]
@SMB@smb || nbss || nbns || nbipx || ipxsap || netbios@[65534,64008,39339][0,0,0]
# tcp.port == 80 matches every TCP segment on port 80, so SYN/FIN and bare
# ACK segments on that port get this colour instead of the TCP SYN/FIN or
# TCP colour below; resets are still caught by TCP RST above.  Traffic on
# any other port matches only when it is dissected as http.
@HTTP@http || tcp.port == 80@[36107,65535,32590][0,0,0]
@IPX@ipx || spx@[65534,58325,58808][0,0,0]
@DCERPC@dcerpc@[51199,38706,65533][0,0,0]
@Routing@hsrp || eigrp || ospf || bgp || cdp || vrrp || gvrp || igmp || ismp@[65534,62325,54808][0,0,0]
# 0x02 is the SYN bit of the TCP flags field.
@TCP SYN/FIN@tcp.flags & 0x02 || tcp.flags.fin == 1@[41026,41026,41026][0,0,0]
@TCP@tcp@[59345,58980,65534][0,0,0]
@UDP@udp@[28834,57427,65533][0,0,0]
# eth[0] & 1 tests the group bit in the first byte of the frame (the
# destination MAC), so multicast frames match as well as broadcast.  Listed
# after the protocol rules, it only colours frames none of them matched.
@Broadcast@eth[0] & 1@[65535,65535,65535][32768,32768,32768]

# Bluetooth
# Each Bluetooth dissector gets its own colour.  A protocol has to sit
# higher in this list than the protocol that carries it, otherwise the
# carrier's rule would match first: for example AVRCP runs on top of AVCTP,
# and AVCTP on top of L2CAP, so they are listed in that order.
@AVRCP@btavrcp@[42408,33825,25486][5111,4915,4652]
@AVCTP@btavctp@[52805,45039,37599][5111,4915,4652]
@BNEP@btbnep@[46590,24119,49858][5111,4915,4652]
@HID@bthid@[47057,38562,38562][5111,4915,4652]
@OBEX@btobex@[15856,45391,43152][5111,4915,4652]
@SAP@btsap@[51110,54321,18857][5111,4915,4652]
@HFP@bthfp@[57840,49413,65535][5111,4915,4652]
@RFCOMM@btrfcomm@[64249,44202,25136][5111,4915,4652]
@SDP@btsdp@[34255,42642,22057][5111,4915,4652]
@L2CAP@btl2cap@[58215,49541,23520][0,0,0]
@SCO@bthci_sco@[65535,28803,61093][5111,4915,4652]
@HCI_EVT@bthci_evt@[47126,60905,65535][5111,4915,4652]
@HCI_CMD@bthci_cmd@[18901,48590,65535][0,0,0]