diff options
Diffstat (limited to 'dfilters')
| -rw-r--r-- | dfilters | 10 |
1 files changed, 6 insertions, 4 deletions
@@ -2,9 +2,11 @@ "Ethernet type 0x0806 (ARP)" eth.type == 0x0806 "Ethernet broadcast" eth.addr == ff:ff:ff:ff:ff:ff "No ARP" not arp -"IP only" ip -"IP address 192.168.0.1" ip.addr == 192.168.0.1 -"IP address isn't 192.168.0.1, don't use != for this!" !(ip.addr == 192.168.0.1) +"IPv4 only" ip +"IPv4 address 192.0.2.1" ip.addr == 192.0.2.1 +"IPv4 address isn't 192.0.2.1 (don't use != for this!)" !(ip.addr == 192.0.2.1) +"IPv6 only" ipv6 +"IPv6 address 2001:db8::1" ipv6.addr == 2001:db8::1 "IPX only" ipx "TCP only" tcp "UDP only" udp @@ -12,4 +14,4 @@ "TCP or UDP port is 80 (HTTP)" tcp.port == 80 || udp.port == 80 "HTTP" http "No ARP and no DNS" not arp and !(udp.port == 53) -"Non-HTTP and non-SMTP to/from 192.168.0.1" not (tcp.port == 80) and not (tcp.port == 25) and ip.addr == 192.168.0.1 +"Non-HTTP and non-SMTP to/from 192.0.2.1" not (tcp.port == 80) and not (tcp.port == 25) and ip.addr == 192.0.2.1 |