beef3c0791
The default colorfilter for "Bad Checksum" does not include the Ethernet Frame Check Sequence (FCS) test. It seems reasonable that it should be included in this filter rule. It is only indicated if the Ethernet dissector "Validate the Ethernet checksum if possible" preference is set and the FCS is believed to be present (via wiretap heuristic/dissector preference). From me: re-order the list of bad checksum fields. svn path=/trunk/; revision=44010
22 lines
1.6 KiB
Text
# DO NOT EDIT THIS FILE! It was created by Wireshark
@Bad TCP@tcp.analysis.flags && !tcp.analysis.window_update@[0,0,0][65535,24383,24383]
@HSRP State Change@hsrp.state != 8 && hsrp.state != 16@[0,0,0][65535,63222,0]
@Spanning Tree Topology Change@stp.type == 0x80@[0,0,0][65535,63222,0]
@OSPF State Change@ospf.msg != 1@[0,0,0][65535,63222,0]
@ICMP errors@icmp.type eq 3 || icmp.type eq 4 || icmp.type eq 5 || icmp.type eq 11 || icmpv6.type eq 1 || icmpv6.type eq 2 || icmpv6.type eq 3 || icmpv6.type eq 4@[0,0,0][0,65535,3616]
@ARP@arp@[55011,59486,65534][0,0,0]
@ICMP@icmp || icmpv6@[49680,49737,65535][0,0,0]
@TCP RST@tcp.flags.reset eq 1@[37008,0,0][65535,63121,32911]
@SCTP ABORT@sctp.chunk_type eq ABORT@[37008,0,0][65535,63121,32911]
@TTL low or unexpected@( ! ip.dst == 224.0.0.0/4 && ip.ttl < 5 && !pim) || (ip.dst == 224.0.0.0/24 && ip.ttl != 1)@[37008,0,0][65535,65535,65535]
@Checksum Errors@eth.fcs_bad==1 || ip.checksum_bad==1 || tcp.checksum_bad==1 || udp.checksum_bad==1 || sctp.checksum_bad==1 || mstp.checksum_bad==1 || cdp.checksum_bad==1 || edp.checksum_bad==1@[0,0,0][65535,24383,24383]
@SMB@smb || nbss || nbns || nbipx || ipxsap || netbios@[65534,64008,39339][0,0,0]
@HTTP@http || tcp.port == 80@[36107,65535,32590][0,0,0]
@IPX@ipx || spx@[65534,58325,58808][0,0,0]
@DCERPC@dcerpc@[51199,38706,65533][0,0,0]
@Routing@hsrp || eigrp || ospf || bgp || cdp || vrrp || gvrp || igmp || ismp@[65534,62325,54808][0,0,0]
@TCP SYN/FIN@tcp.flags & 0x02 || tcp.flags.fin == 1@[41026,41026,41026][0,0,0]
@TCP@tcp@[59345,58980,65534][0,0,0]
@UDP@udp@[28834,57427,65533][0,0,0]
@Broadcast@eth[0] & 1@[65535,65535,65535][32768,32768,32768]
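An added example, not part of the Wireshark source or of this commit: a small Python check that parses rule lines in the `@name@filter@[r,g,b][r,g,b]` layout seen in the file above and reports which checksum fields a named rule does not test. The function names and the FCS-less variant of the rule are constructed for illustration.

```python
import re

# One rule per line: @name@display filter@[r,g,b][r,g,b]; '#' lines are comments.
RULE_RE = re.compile(r"^@(?P<name>[^@]+)@(?P<filter>.+)@"
                     r"\[(\d+),(\d+),(\d+)\]\[(\d+),(\d+),(\d+)\]\s*$")

# The rule as it appears in the file on this page.
CURRENT = ("@Checksum Errors@eth.fcs_bad==1 || ip.checksum_bad==1 || "
           "tcp.checksum_bad==1 || udp.checksum_bad==1 || sctp.checksum_bad==1 || "
           "mstp.checksum_bad==1 || cdp.checksum_bad==1 || edp.checksum_bad==1"
           "@[0,0,0][65535,24383,24383]")
# Constructed for contrast: the same rule with the FCS term left out.
WITHOUT_FCS = CURRENT.replace("eth.fcs_bad==1 || ", "")


def parse_rules(text):
    """Return (name, filter, first_rgb, second_rgb) for every rule line."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if m:  # comments, blank lines and anything malformed are skipped
            nums = [int(g) for g in m.groups()[2:]]
            rules.append((m["name"], m["filter"], tuple(nums[:3]), tuple(nums[3:])))
    return rules


def flagged_fields(filter_text):
    """Fields compared with ==1 in an OR-chain such as the checksum rule."""
    return [t.split("==")[0].strip() for t in filter_text.split("||")
            if t.strip().endswith("==1")]


def missing_fields(text, rule_name, required):
    """Required fields that the named rule does not test, in the order given."""
    for name, flt, _, _ in parse_rules(text):
        if name == rule_name:
            present = set(flagged_fields(flt))
            return [f for f in required if f not in present]
    return list(required)  # rule absent: nothing is covered


if __name__ == "__main__":
    need = ["eth.fcs_bad", "ip.checksum_bad", "tcp.checksum_bad", "udp.checksum_bad"]
    for label, text in (("current", CURRENT), ("without FCS", WITHOUT_FCS)):
        print(label, "missing:", missing_fields(text, "Checksum Errors", need))
```

Even with the rule in place, `eth.fcs_bad` is only set when the Ethernet dissector preference named in the commit message is enabled and an FCS is believed to be present, so a clean result here says the rule is configured, not that FCS errors will be coloured in every capture.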