From Todd Martin: "Flag IP TTL more intelligently".

Also: Change default "Low TTL" color filter to match. svn path=/trunk/; revision=22715
author: Bill Meier <wmeier@newsguy.com> 2007-08-28 20:58:50 +0000
committer: Bill Meier <wmeier@newsguy.com> 2007-08-28 20:58:50 +0000
commit: ac04f94a3d8fa70dcac46e4f8eafb9f2e4285674 (patch)
tree: 41926480e449a72cb470c3d34b9c6ce5989c734b /colorfilters
parent: a8d0136ed80d8f0d25264cfc8dd6ca1aa7e92a20 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/colorfilters b/colorfilters
index e4f4fecd77..615909da2c 100644
--- a/colorfilters
+++ b/colorfilters
@@ -7,7 +7,7 @@
 @ARP@arp@[55011,59486,65534][0,0,0]
 @ICMP@icmp@[49680,49737,65535][0,0,0]
 @TCP RST@tcp.flags.reset eq 1@[37008,0,0][65535,63121,32911]
-@Low TTL@ip.ttl < 5@[37008,0,0][65535,65535,65535]
+@Low TTL@( ! ip.dst == 224.0.0.0/24 && ip.ttl < 5) || (ip.dst == 224.0.0.0/24 && ip.ttl != 1)@[37008,0,0][65535,65535,65535]
 @Checksum Errors@cdp.checksum_bad==1 || edp.checksum_bad==1 || ip.checksum_bad==1 || tcp.checksum_bad==1 || udp.checksum_bad==1@[0,0,0][65535,24383,24383]
 @SMB@smb || nbss || nbns || nbipx || ipxsap || netbios@[65534,64008,39339][0,0,0]
 @HTTP@http || tcp.port == 80@[36107,65535,32590][0,0,0]
author	Bill Meier <wmeier@newsguy.com>	2007-08-28 20:58:50 +0000
committer	Bill Meier <wmeier@newsguy.com>	2007-08-28 20:58:50 +0000
commit	ac04f94a3d8fa70dcac46e4f8eafb9f2e4285674 (patch)
tree	41926480e449a72cb470c3d34b9c6ce5989c734b /colorfilters
parent	a8d0136ed80d8f0d25264cfc8dd6ca1aa7e92a20 (diff)