wireshark/dfilters
Gerald Combs 84a57cb2eb The "not DNS" filter used UDP in the description but matched against
TCP. DNS runs over both so update the filter to exclude both.

Thanks to Yaron Fainstein for noticing this.

Change-Id: I0c4d1fef7f8d725bf656cca87ba5908893fff0b2
Reviewed-on: https://code.wireshark.org/review/1028
Reviewed-by: Gerald Combs <gerald@wireshark.org>
2014-04-08 19:24:13 +00:00

"Ethernet address 00:08:15:00:08:15" eth.addr == 00:08:15:00:08:15
"Ethernet type 0x0806 (ARP)" eth.type == 0x0806
"Ethernet broadcast" eth.addr == ff:ff:ff:ff:ff:ff
"No ARP" not arp
"IP only" ip
"IP address 192.168.0.1" ip.addr == 192.168.0.1
"IP address isn't 192.168.0.1, don't use != for this!" !(ip.addr == 192.168.0.1)
"IPX only" ipx
"TCP only" tcp
"UDP only" udp
"Non-DNS" !(udp.port == 53 || tcp.port == 53)
"TCP or UDP port is 80 (HTTP)" tcp.port == 80 || udp.port == 80
"HTTP" http
"No ARP and no DNS" not arp and !(udp.port == 53)
"Non-HTTP and non-SMTP to/from 192.168.0.1" not (tcp.port == 80) and not (tcp.port == 25) and ip.addr == 192.168.0.1
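
The hint in the "IP address isn't 192.168.0.1" entry and the port 53 matching in the two DNS entries both depend on multi-valued fields such as `ip.addr` (source and destination) being matched if any one occurrence satisfies the comparison. The following is an added example, not part of the Wireshark repository: a small Python model of that any-match behaviour, run against constructed packets. The packet names and helper functions are hypothetical.

```python
# Added example: models any-match semantics for multi-valued filter fields.
# All packets are constructed sample data, not taken from a capture.
HOST = "192.168.0.1"

def packet(proto, src=None, dst=None, sport=None, dport=None):
    """Build a packet as field -> list of values (ip.addr holds src AND dst)."""
    pkt = {"proto": [proto]}
    if src and dst:
        pkt["ip.addr"] = [src, dst]
    if proto in ("udp", "tcp"):
        pkt[proto + ".port"] = [sport, dport]
    return pkt

PACKETS = {
    "udp_dns_from_host": packet("udp", HOST, "10.0.0.5", 5000, 53),
    "http_to_host": packet("tcp", "10.0.0.5", HOST, 40000, 80),
    "tcp_dns_elsewhere": packet("tcp", "10.0.0.5", "10.0.0.9", 40001, 53),
    "arp": packet("arp"),
}

def any_eq(pkt, field, value):
    """field == value: true if ANY occurrence of the field equals value."""
    return any(v == value for v in pkt.get(field, []))

def any_ne(pkt, field, value):
    """field != value under any-match: true if ANY occurrence differs."""
    return any(v != value for v in pkt.get(field, []))

def select(predicate):
    """Names of the sample packets a filter predicate would display."""
    return sorted(name for name, pkt in PACKETS.items() if predicate(pkt))

def naive_not_host():      # ip.addr != 192.168.0.1
    return select(lambda p: any_ne(p, "ip.addr", HOST))

def negated_not_host():    # !(ip.addr == 192.168.0.1)
    return select(lambda p: not any_eq(p, "ip.addr", HOST))

def non_dns():             # !(udp.port == 53 || tcp.port == 53)
    return select(lambda p: not (any_eq(p, "udp.port", 53) or any_eq(p, "tcp.port", 53)))

def no_arp_no_dns():       # not arp and !(udp.port == 53)
    return select(lambda p: not any_eq(p, "proto", "arp") and not any_eq(p, "udp.port", 53))

if __name__ == "__main__":
    for check in (naive_not_host, negated_not_host, non_dns, no_arp_no_dns):
        print(check.__name__, check())
```

In this model the `!=` form still displays both packets to and from 192.168.0.1, because the other address in each packet differs. The "No ARP and no DNS" expression still displays the DNS-over-TCP packet, since it only tests `udp.port`.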