| 1 | | == Broadcast IP packets that didn't use ethernet broadcast == |
| 2 | | {{{ ether[0] & 1 == 0 and ip[16] >= 224 }}} |
| 3 | | == Non ICMP Echo-Request/Echo-Reply ICMP packets == |
| 4 | | {{{'icmp[icmptype] != icmp-echo and icmp[icmptype] != icmp-echoreply' }}} |
| 5 | | == TCP SYN packets == |
| 6 | | {{{'tcp[13] & 2 == 2'}}}[[BR]] |
| 7 | | {{{'tcp[13] == 2'}}}[BR] |
| 8 | | {{{'tcp[tcpflags] & tcp-syn != 0}}}[[BR]] |
| 9 | | == DNS Related == |
| 10 | | === Queries === |
| 11 | | {{{'port 53 and udp[10]&0x80==0x00'}}} |
| 12 | | === Responses === |
| 13 | | {{{'port 53 and udp[10]&0x80!=0x00'}}} |
| 14 | | === Successful replies (RCODE=!NoError)) === |
| 15 | | {{{'port 53 and udp[10]&0x80!=0 and udp[11]&15==0'}}} |
| 16 | | === Format Error (RCODE=!FormErr) === |
| 17 | | {{{'port 53 and udp[10]&0x80!=0 and udp[11]&15==1'}}} |
| 18 | | === Server failure (RCODE=!ServFail) === |
| 19 | | {{{'port 53 and udp[10]&0x80!=0 and udp[11]&15==2'}}} |
| 20 | | === Name Error (RCODE=NXDOMAIN) === |
| 21 | | {{{'port 53 and udp[10]&0x80!=0 and udp[11]&15==3'}}} |
| 22 | | === Not implemented (RCODE=!NotImp) === |
| 23 | | {{{'port 53 and udp[10]&0x80!=0 and udp[11]&15==4'}}} |
| 24 | | === Refused (RCODE=Refused) === |
| 25 | | {{{'port 53 and udp[10]&0x80!=0 and udp[11]&15==5'}}} |
| 26 | | === Truncated reply (requiring a resend via TCP) === |
| 27 | | {{{'port 53 and udp[10]&0x02!=0'}}} |
| | 1 | Inteilglecne and simplicity - easy to understand how you think. |
