wiresharkfilter's Introduction

DO NOT EDIT THIS FILE! It was created by Wireshark

@New coloring [email protected]_country_iso == "NK"@[65535,0,0][0,0,0]
@High DNS [email protected] > 5@[65021,37008,5397][0,0,0]
@Bad [email protected] && !tcp.analysis.window_update@[4626,10023,11822][63479,34695,34695]
@Executable Header@frame contains 54:68:69:73:20:70:72:6f:67:72:61:6d:20:63:61:6e:6e:6f:74:20:62:65:20:72:75:6e:20:69:6e:20:44:4f:53:20:6d:6f:64:65:2e:0d@[65535,65535,65535][65535,17990,0]
@4 NOP [email protected] contains 01:01:01:01@[65535,65535,65535][65535,0,0]
@Invalid TCP packets@(tcp.flags.syn==1 and tcp.window_size == 0)@[65535,65535,65535][65535,0,0]
@TCP Expert [email protected] and not (tcp.analysis.keep_alive or tcp.analysis.keep_alive_ack or tcp.analysis.window_update)@[65535,65535,65535][64764,8224,15934]
@TCP [email protected]==1@[8995,65535,1542][0,0,0]
@TCP [email protected] == 1@[17476,57054,65535][0,0,0]
@HSRP State [email protected] != 8 && hsrp.state != 16@[4626,10023,11822][65535,64764,40092]
@Spanning Tree Topology [email protected] == 0x80@[4626,10023,11822][65535,64764,40092]
@OSPF State [email protected] != 1@[4626,10023,11822][65535,64764,40092]
@ICMP [email protected] eq 3 || icmp.type eq 4 || icmp.type eq 5 || icmp.type eq 11 || icmpv6.type eq 1 || icmpv6.type eq 2 || icmpv6.type eq 3 || icmpv6.type eq 4@[4626,10023,11822][47031,63479,29812]
@ARP@arp@[64250,61680,55255][4626,10023,11822]
@ICMP@icmp || icmpv6@[64764,57568,65535][4626,10023,11822]
@TCP [email protected] eq 1@[42148,0,0][65535,64764,40092]
@SCTP [email protected]_type eq ABORT@[42148,0,0][65535,64764,40092]
@TTL low or unexpected@( ! ip.dst == 224.0.0.0/4 && ip.ttl < 5 && !pim && !ospf) || (ip.dst == 224.0.0.0/24 && ip.dst != 224.0.0.251 && ip.ttl != 1 && !(vrrp || carp))@[42148,0,0][60652,61680,60395]
@Checksum [email protected]=="Bad" || ip.checksum.status=="Bad" || tcp.checksum.status=="Bad" || udp.checksum.status=="Bad" || sctp.checksum.status=="Bad" || mstp.checksum.status=="Bad" || cdp.checksum.status=="Bad" || edp.checksum.status=="Bad" || wlan.fcs.status=="Bad" || stt.checksum.status=="Bad"@[4626,10023,11822][63479,34695,34695]
@Routing@hsrp || eigrp || ospf || bgp || cdp || vrrp || carp || gvrp || igmp || ismp@[65535,62451,54998][4626,10023,11822]
@TCP@tcp@[59367,59110,65535][4626,10023,11822]
@UDP@udp@[56026,61166,65535][4626,10023,11822]
@Broadcast@eth[0] & 1@[65535,65535,65535][47802,48573,46774]
@MySQL [email protected]_code> 0@[65535,65535,65535][65278,0,0]
@SIP [email protected]@[65535,65535,65535][21074,38293,65278]
@SIP [email protected] >= 500@[65535,65535,65535][65535,0,0]
@SIP [email protected] >= 400@[65535,65535,65535][65535,44975,0]
@SIP Status [email protected] < 400@[65535,65535,65535][6425,41891,0]
!@TCP without Don't Fragment Flag@tcp and ip.flags.df == 0@[65535,65535,65535][65535,20817,0]
@ICMP Warnings@(icmp and ((icmp.type > 0) and (icmp.type < 8) or icmp.type > 8)) or (icmpv6 and icmpv6.type < 128)@[65535,65535,65535][65535,21074,0]
@TCP Teardown@(tcp.flags.fin==1)@[65535,65535,65535][8995,35209,31354]
@TCP [email protected]==1@[65535,65535,65535][65535,28270,0]
@IPv4 header with [email protected]_len > 20@[65535,65535,65535][65535,46003,1799]
@DNS - Many Answer [email protected] > 5@[65535,65535,65535][65535,23901,0]
@Spanning Tree Topology [email protected]==1@[65535,65535,65535][53970,37522,2056]
@SMB Lock not [email protected]_status == 0xc0000055@[65535,65535,65535][42148,27242,10280]
@HTTP Server Response Code>= [email protected] >= 400 and not http.response.code==404@[65535,65535,65535][61166,6425,6425]
@FTP Response Code >= [email protected] >= 400@[65535,65535,65535][65535,0,0]
@Special [email protected]==0x8035 or arp.isgratuitous==1@[65535,65535,65535][34695,0,46774]
@Name Resolution Critical@(dns and (dns.flags.response == 1)) and (dns.flags.rcode==2 or dns.flags.rcode==5)@[65535,65535,65535][65535,0,0]
@Name Resolution Warning@(dns and (dns.flags.response == 1)) and (dns.flags.rcode == 3)@[65535,65535,65535][65535,44975,0]
@Name Resolutions@dns or nbns@[65535,65535,65535][10794,41891,39321]
@[email protected]==1494 or tcp.port==2598@[65535,65535,65535][9509,34695,48059]
@SMTP [email protected] >= 500@[65535,65535,65535][65535,0,0]
@SMTP [email protected] >= 400@[65535,65535,65535][65535,36494,1285]
@IPv6 Router Solicitation and [email protected] == 133 or icmpv6.type==134@[65535,65535,65535][65535,43176,0]

wiresharkfilter's People

Contributors

jorgevillabarreras
