84a57cb2eb
TCP. DNS runs over both so update the filter to exclude both. Thanks to Yaron Fainstein for noticing this. Change-Id: I0c4d1fef7f8d725bf656cca87ba5908893fff0b2 Reviewed-on: https://code.wireshark.org/review/1028 Reviewed-by: Gerald Combs <gerald@wireshark.org>
16 lines
659 B
Text
16 lines
659 B
Text
"Ethernet address 00:08:15:00:08:15" eth.addr == 00:08:15:00:08:15
|
|
"Ethernet type 0x0806 (ARP)" eth.type == 0x0806
|
|
"Ethernet broadcast" eth.addr == ff:ff:ff:ff:ff:ff
|
|
"No ARP" not arp
|
|
"IP only" ip
|
|
"IP address 192.168.0.1" ip.addr == 192.168.0.1
|
|
"IP address isn't 192.168.0.1, don't use != for this!" !(ip.addr == 192.168.0.1)
|
|
"IPX only" ipx
|
|
"TCP only" tcp
|
|
"UDP only" udp
|
|
"Non-DNS" !(udp.port == 53 || tcp.port == 53)
|
|
"TCP or UDP port is 80 (HTTP)" tcp.port == 80 || udp.port == 80
|
|
"HTTP" http
|
|
"No ARP and no DNS" not arp and !(udp.port == 53)
|
|
"Non-HTTP and non-SMTP to/from 192.168.0.1" not (tcp.port == 80) and not (tcp.port == 25) and ip.addr == 192.168.0.1
|