Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- # DO NOT EDIT THIS FILE! It was created by Wireshark
- @Broadcast@eth[0] & 1@[65535,65535,65535][32768,32768,32768]
- @Beacon@wlan.fc.type == 0 and wlan.fc.subtype == 8@[65535,65535,65535][0,1858,65535]
- @Probe Request@wlan.fc.type == 0 and wlan.fc.subtype == 4@[65535,65535,65535][38911,15274,0]
- @Probe Response@wlan.fc.type == 0 and wlan.fc.subtype == 5@[65535,65535,65535][44787,24988,0]
- @Ack@wlan.fc.type == 1 and wlan.fc.subtype == 13@[65534,65534,65534][54782,42132,681]
- @Authentication@wlan.fc.type == 0 and wlan.fc.subtype == 0xb@[65535,65535,65535][65535,0,0]
- @Association Request@wlan.fc.type == 0 and wlan.fc.subtype == 0@[65535,65535,65535][0,45356,27678]
- @Association Response@wlan.fc.type == 0 and wlan.fc.subtype == 1@[65535,65535,65535][0,41283,11948]
- @data-with-retry@wlan.fc.type == 2 and wlan.fc.retry == 1@[45452,45452,45452][37787,65535,54315]
- @802.1X@llc.type == 0x888E@[65535,65535,65535][61063,0,65535]
- @data-power-save@wlan.fc.type == 2 and wlan.fc.pwrmgt == 1@[65535,46544,46544][0,32251,28144]
- @Data@wlan.fc.type == 2 and wlan.da[0] & 1@[65535,65535,65535][0,30565,30222]
- @Deauth@wlan.fc.type == 0 and wlan.fc.subtype == 12@[65535,65535,65535][65535,0,0]
- @Data (UC)@wlan.fc.type == 2 and !(wlan.da[0] & 1) @[65535,65535,65535][23943,23943,23943]
- !@Bad TCP@tcp.analysis.flags@[0,0,0][65535,24383,24383]
- !@HSRP State Change@hsrp.state != 8 && hsrp.state != 16@[0,0,0][65535,63222,0]
- !@Spanning Tree Topology Change@stp.type == 0x80@[0,0,0][65535,63222,0]
- !@OSPF State Change@ospf.msg != 1@[0,0,0][65535,63222,0]
- !@ICMP errors@icmp.type eq 3 || icmp.type eq 4 || icmp.type eq 11 || icmp.type eq 5@[0,0,0][0,65535,3616]
- !@ARP@arp@[55011,59486,65534][0,0,0]
- !@ICMP@icmp@[49680,49737,65535][0,0,0]
- !@TCP RST@tcp.flags.reset eq 1@[37008,0,0][65535,63121,32911]
- !@Low TTL@ip.ttl < 5@[37008,0,0][65535,65535,65535]
- !@Checksum Errors@cdp.checksum_bad==1 || edp.checksum_bad==1 || ip.checksum_bad==1 || tcp.checksum_bad==1 || udp.checksum_bad==1@[0,0,0][65535,24383,24383]
- !@SMB@smb || nbss || nbns || nbipx || ipxsap || netbios@[65534,64008,39339][0,0,0]
- !@HTTP@http || tcp.port == 80@[36107,65535,32590][0,0,0]
- !@IPX@ipx || spx@[65534,58325,58808][0,0,0]
- !@DCERPC@dcerpc@[51199,38706,65533][0,0,0]
- !@Routing@hsrp || eigrp || ospf || bgp || cdp || vrrp || gvrp || igmp || ismp@[65534,62325,54808][0,0,0]
- !@TCP SYN/FIN@tcp.flags & 0x02 || tcp.flags.fin == 1@[41026,41026,41026][0,0,0]
- !@TCP@tcp@[59345,58980,65534][0,0,0]
- !@UDP@udp@[28834,57427,65533][0,0,0]
Add Comment
Please, Sign In to add comment