Packet Captures: Difference between revisions

 
====Capture Filter Primitives====
{| class="wikitable"
|-
! Filter !! Description
|-
| [src|dst] host <host> || Matches a host as the IP source, destination, or either
|-
| ether [src|dst] host <ehost> || Matches a host as the Ethernet source, destination, or either
|-
| gateway host <host> || Matches packets which used host as a gateway
|-
| [src|dst] net <network>/<len> || Matches packets to or from an endpoint residing in network
|-
| [tcp|udp] [src|dst] port <port> || Matches TCP or UDP packets sent to/from port
|-
| [tcp|udp] [src|dst] portrange <p1>-<p2> || Matches TCP or UDP packets to/from a port in the given range
|-
| less <length> || Matches packets less than or equal to length
|-
| greater <length> || Matches packets greater than or equal to length
|-
| (ether|ip|ip6) proto <protocol> || Matches an Ethernet, IPv4, or IPv6 protocol
|-
| (ether|ip) broadcast || Matches Ethernet or IPv4 broadcasts
|-
| (ether|ip|ip6) multicast || Matches Ethernet, IPv4, or IPv6 multicasts
|-
| type (mgt|ctl|data) [subtype <subtype>] || Matches 802.11 frames based on type and optional subtype
|-
| vlan [<vlan>] || Matches 802.1Q frames, optionally with a VLAN ID of vlan
|-
| mpls [<label>] || Matches MPLS packets, optionally with a label of label
|-
| <expr> <relop> <expr> || Matches packets by an arbitrary expression
|}
 
====Command Line Options====