You can find any filter keyword by expanding the element in the packet details pane, clicking on the element, and looking at the word in parentheses at the bottom of the Wireshark window.
**** Layer 1
frame.encap_type == 1 # frame encapsulation type
frame.number == 35 # frame number
frame.len == 1058 # frame length
**** Layer 2
eth.dst == 00:1f:a0:02:66:29
eth.addr == 00:1f:a0:02:66:29 # ethernet address (same address as above; matches it as either source or destination)
eth.type == 0x0800 # ethernet type
*** Layer 3
ip.version == 4 # ip version 4 or 6
ip.hdr_len == 20 # ip header length
ip.dsfield == 0
ip.dsfield.dscp == 0x00
ip.dsfield.ecn == 0x00
ip.len == 1044
ip.id == 0x123 # ip identification
ip.flags == 0x00 # ip flags
ip.flags.rb == 0 # reserved bit
ip.flags.df == 0 # don't fragment bit
ip.flags.mf == 0 # more fragments bit
ip.frag_offset == 0
ip.ttl == 64
ip.proto == 6
ip.checksum == 0xaaa1
ip.src == 10.10.10.10
ip.dst == 10.10.10.10
*** Layer 4
tcp.flags.ack == 1 # tcp ack flag set to 1
tcp.hdr_len == 20 # tcp header length of 20 bytes
tcp.ack == 1 # acknowledgment number of 1 (relative by default)
tcp.len == 1004 # tcp segment length
tcp.dstport == 22616
tcp.srcport == 10000
*** Layer 7
* payload
data.data == XXXX
* payload length
data.len == 1004