diff options
author | Uli Heilmeier <uh@heilmeier.eu> | 2022-11-04 21:54:43 +0100 |
---|---|---|
committer | John Thacker <johnthacker@gmail.com> | 2022-12-12 12:38:29 +0000 |
commit | 740778e16ddbee1212ad13168eebdf785a5c1503 (patch) | |
tree | 968639387fd4653e3e3a7491e8345294783ace01 | |
parent | 2e22eb835720ec4dbef03783bfff65b0048d5c47 (diff) |
Colorfilters: Updating TTL low or unexpected
Adding some more protocols and a rule for IPv6.
Fixes: #18593
-rw-r--r-- | resources/share/wireshark/colorfilters | 3 | ||||
-rw-r--r-- | resources/share/wireshark/profiles/Bluetooth/colorfilters | 3 | ||||
-rw-r--r-- | resources/share/wireshark/profiles/Classic/colorfilters | 3 |
3 files changed, 6 insertions, 3 deletions
diff --git a/resources/share/wireshark/colorfilters b/resources/share/wireshark/colorfilters index bf55412e31..b20e464dd4 100644 --- a/resources/share/wireshark/colorfilters +++ b/resources/share/wireshark/colorfilters @@ -8,7 +8,8 @@ @ICMP@icmp || icmpv6@[64764,57568,65535][4718,10030,11796] @TCP RST@tcp.flags.reset eq 1@[42148,0,0][65535,64764,40092] @SCTP ABORT@sctp.chunk_type eq ABORT@[42148,0,0][65535,64764,40092] -@TTL low or unexpected@(ip.dst != 224.0.0.0/4 && ip.ttl < 5 && !pim && !ospf) || (ip.dst == 224.0.0.0/24 && ip.dst != 224.0.0.251 && ip.ttl != 1 && !(vrrp || carp))@[42148,0,0][60652,61680,60395] +@IPv4 TTL low or unexpected@(ip.dst != 224.0.0.0/4 && ip.ttl < 5 && !(pim || ospf || eigrp || bgp || tcp.port==179)) || (ip.dst == 224.0.0.0/24 && ip.dst != 224.0.0.251 && ip.ttl != 1 && !(vrrp || carp || eigrp || rip || glbp))@[42148,0,0][60652,61680,60395] +@IPv6 hop limit low or unexpected@(ipv6.dst != ff00::/8 && ipv6.hlim < 5 && !( ospf|| bgp || tcp.port==179)) || (ipv6.dst==ff00::/8 && ipv6.hlim not in {1, 64, 255})@[42148,0,0][60652,61680,60395] @Checksum Errors@eth.fcs.status=="Bad" || ip.checksum.status=="Bad" || tcp.checksum.status=="Bad" || udp.checksum.status=="Bad" || sctp.checksum.status=="Bad" || mstp.checksum.status=="Bad" || cdp.checksum.status=="Bad" || edp.checksum.status=="Bad" || wlan.fcs.status=="Bad" || stt.checksum.status=="Bad"@[4718,10030,11796][63479,34695,34695] @SMB@smb || nbss || nbns || netbios@[65278,65535,53456][4718,10030,11796] @HTTP@http || tcp.port == 80 || http2@[58596,65535,51143][4718,10030,11796] diff --git a/resources/share/wireshark/profiles/Bluetooth/colorfilters b/resources/share/wireshark/profiles/Bluetooth/colorfilters index f4fcf097d8..3d58a6acb5 100644 --- a/resources/share/wireshark/profiles/Bluetooth/colorfilters +++ b/resources/share/wireshark/profiles/Bluetooth/colorfilters @@ -8,7 +8,8 @@ @ICMP@icmp || icmpv6@[49680,49737,65535][0,0,0] @TCP RST@tcp.flags.reset eq 1@[37008,0,0][65535,63121,32911] @SCTP ABORT@sctp.chunk_type eq ABORT@[37008,0,0][65535,63121,32911] -@TTL low or unexpected@( ! ip.dst == 224.0.0.0/4 && ip.ttl < 5 && !pim) || (ip.dst == 224.0.0.0/24 && ip.dst != 224.0.0.251 && ip.ttl != 1 && !(vrrp || carp))@[42148,0,0][60652,61680,60395] +@IPv4 TTL low or unexpected@(ip.dst != 224.0.0.0/4 && ip.ttl < 5 && !(pim || ospf || eigrp || bgp || tcp.port==179)) || (ip.dst == 224.0.0.0/24 && ip.dst != 224.0.0.251 && ip.ttl != 1 && !(vrrp || carp || eigrp || rip || glbp))@[42148,0,0][60652,61680,60395] +@IPv6 hop limit low or unexpected@(ipv6.dst != ff00::/8 && ipv6.hlim < 5 && !( ospf|| bgp || tcp.port==179)) || (ipv6.dst==ff00::/8 && ipv6.hlim not in {1, 64, 255})@[42148,0,0][60652,61680,60395] @Checksum Errors@cdp.checksum.status=="Bad" || edp.checksum.status=="Bad" || ip.checksum.status=="Bad" || tcp.checksum.status=="Bad" || udp.checksum.status=="Bad"|| sctp.checksum.status=="Bad" || mstp.checksum.status=="Bad"@[0,0,0][65535,24383,24383] @SMB@smb || nbss || nbns || nbipx || ipxsap || netbios@[65534,64008,39339][0,0,0] @HTTP@http || tcp.port == 80@[36107,65535,32590][0,0,0] diff --git a/resources/share/wireshark/profiles/Classic/colorfilters b/resources/share/wireshark/profiles/Classic/colorfilters index 85ed3f0e55..4eacdf9a7c 100644 --- a/resources/share/wireshark/profiles/Classic/colorfilters +++ b/resources/share/wireshark/profiles/Classic/colorfilters @@ -8,7 +8,8 @@ @ICMP@icmp || icmpv6@[49680,49737,65535][0,0,0] @TCP RST@tcp.flags.reset eq 1@[37008,0,0][65535,63121,32911] @SCTP ABORT@sctp.chunk_type eq ABORT@[37008,0,0][65535,63121,32911] -@TTL low or unexpected@(ip.dst != 224.0.0.0/4 && ip.ttl < 5 && !pim && !ospf) || (ip.dst == 224.0.0.0/24 && ip.dst != 224.0.0.251 && ip.ttl != 1 && !(vrrp || carp))@[42148,0,0][60652,61680,60395] +@IPv4 TTL low or unexpected@(ip.dst != 224.0.0.0/4 && ip.ttl < 5 && !(pim || ospf || eigrp || bgp || tcp.port==179)) || (ip.dst == 224.0.0.0/24 && ip.dst != 224.0.0.251 && ip.ttl != 1 && !(vrrp || carp || eigrp || rip || glbp))@[42148,0,0][60652,61680,60395] +@IPv6 hop limit low or unexpected@(ipv6.dst != ff00::/8 && ipv6.hlim < 5 && !( ospf|| bgp || tcp.port==179)) || (ipv6.dst==ff00::/8 && ipv6.hlim not in {1, 64, 255})@[42148,0,0][60652,61680,60395] @Checksum Errors@eth.fcs.status=="Bad" || ip.checksum.status=="Bad" || tcp.checksum.status=="Bad" || udp.checksum.status=="Bad" || sctp.checksum.status=="Bad" || mstp.checksum.status=="Bad" || cdp.checksum.status=="Bad" || edp.checksum.status=="Bad" || wlan.fcs.status=="Bad" || stt.checksum.status=="Bad"@[0,0,0][65535,24383,24383] @SMB@smb || nbss || nbns || netbios@[65534,64008,39339][0,0,0] @HTTP@http || tcp.port == 80 || http2@[36107,65535,32590][0,0,0] |