| Example | ||
|---|---|---|
| http dns |
||
| ip.addr == 192.168.0.1 | ||
| ip.addr == 192.168.5.0/24 | ||
| ip.src == 192.168.0.1 | ||
| ip.dst == 192.168.0.1 | ||
| tcp.port == 80 | ||
| tcp.dstport == 80 | ||
| tcp.srcport == 80 | ||
| udp.port == 53 | ||
| udp.srcport == 123 | ||
| udp.dstport == 123 | ||
| DF Flag(Don’t Fragment) | ip.flags.df == 1 | |
| tcp.flags.fin == 1 | ||
| tcp.flags.reset == 1 | ||
| and | ip.addr == 192.168.0.1 and tcp.port == 80 | |
| not | ip.addr == 192.168.31.1 and not tcp.port == 80 ip.addr == 192.168.31.1 and !(tcp.port == 80) |