Changes between Version 4 and Version 5 of FilterExpressions


Timestamp:
02/03/12 06:11:56 (9 years ago)
Author:
perry
Comment:

Dewikispam. Sigh.

  • FilterExpressions

    v4 v5  
    1 Inteilglecne and simplicity - easy to understand how you think.
     1== Broadcast IP packets that didn't use ethernet broadcast ==
     2{{{ ether[0] & 1 == 0 and ip[16] >= 224 }}}
     3= Non ICMP Echo-Request/Echo-Reply ICMP packets ==
     4{{{'icmp[icmptype] != icmp-echo and icmp[icmptype] != icmp-echoreply' }}}
     5== TCP SYN packets ==
     6{{{'tcp[13] & 2 == 2'}}}[[BR]]
     7{{{'tcp[13] == 2'}}}[BR]
     8{{{'tcp[tcpflags] & tcp-syn != 0}}}[[BR]]
     9== DNS Related ==
     10=== Queries ===
     11{{{'port 53 and udp[10]&0x80==0x00'}}}
     12=== Responses ===
     13{{{'port 53 and udp[10]&0x80!=0x00'}}}
     14=== Successful replies (RCODE=!NoError)) ===
     15{{{'port 53 and udp[10]&0x80!=0 and udp[11]&15==0'}}}
     16=== Format Error (RCODE=!FormErr) ===
     17{{{'port 53 and udp[10]&0x80!=0 and udp[11]&15==1'}}}
     18=== Server failure (RCODE=!ServFail) ===
     19{{{'port 53 and udp[10]&0x80!=0 and udp[11]&15==2'}}}
     20=== Name Error (RCODE=NXDOMAIN) ===
     21{{{'port 53 and udp[10]&0x80!=0 and udp[11]&15==3'}}}
     22=== Not implemented (RCODE=!NotImp) ===
     23{{{'port 53 and udp[10]&0x80!=0 and udp[11]&15==4'}}}
     24=== Refused (RCODE=Refused) ===
     25{{{'port 53 and udp[10]&0x80!=0 and udp[11]&15==5'}}}
     26=== Truncated reply (requiring a resend via TCP) ===
     27{{{'port 53 and udp[10]&0x02!=0'}}}
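
Review bot: In the TCP SYN section, the third expression `'tcp[tcpflags] & tcp-syn != 0}}}` is missing its closing quote, and the line above it ends in `[BR]` where the neighbouring lines use `[[BR]]`, so the block will not render or copy cleanly. The three SYN expressions are also not equivalent: `tcp[13] == 2` matches only segments whose sole flag is SYN, while the `& 2` and `& tcp-syn` forms also match SYN-ACK, so a short note on each line should say which case it covers. Elsewhere in the restored text, the heading `= Non ICMP Echo-Request/Echo-Reply ICMP packets ==` has unbalanced `=` markers, `(RCODE=!NoError))` carries a stray closing parenthesis, and the first heading says broadcast although `ip[16] >= 224` selects every destination from 224.0.0.0 upward, multicast included. Since this revision only reverts spam, these fixes can go in a follow-up edit.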