| DISPLAY FILTER | EXPLANATION | EXAMPLE |
|---|---|---|
| eth.addr | source or destination MAC address | eth.addr == 00:1a:6b:ce:fc:bb |
| eth.src | source MAC address | eth.src == 00:1a:6b:ce:fc:bb |
| eth.dst | destination MAC address | eth.dst == 00:1a:6b:ce:fc:bb |
| arp.dst.hw_mac | target MAC address | arp.dst.hw_mac == 00:1a:6b:ce:fc:bb |
| arp.dst.proto_ipv4 | target IPv4 address | arp.dst.proto_ipv4 == 10.10.10.10 |
| arp.src.hw_mac | sender MAC address | arp.src.hw_mac == 00:1a:6b:ce:fc:bb |
| arp.src.proto_ipv4 | sender IPv4 address | arp.src.proto_ipv4 == 10.10.10.10 |
| vlan.id | VLAN ID | vlan.id == 16 |
| ip.addr | source or destination IPv4 address | ip.addr == 10.10.10.10 |
| ip.dst | destination IPv4 address | ip.dst == 10.10.10.10 |
| ip.src | source IPv4 address | ip.src == 10.10.10.10 |
| ip.proto | IP protocol (decimal) | ip.proto == 1 |
| ipv6.addr | source or destination IPv6 address | ipv6.addr == 2001::5 |
| ipv6.src | source IPv6 address | ipv6.src == 2001::5 |
| ipv6.dst | destination IPv6 address | ipv6.dst == 2001::5 |
| tcp.port | source or destination TCP port | tcp.port == 20 |
| tcp.dstport | destination TCP port | tcp.dstport == 80 |
| tcp.srcport | source TCP port | tcp.srcport == 60234 |
| udp.port | source or destination UDP port | udp.port == 513 |
| udp.dstport | destination UDP port | udp.dstport == 513 |
| udp.srcport | source UDP port | udp.srcport == 40000 |
| fr.dlci | Frame-Relay DLCI number | fr.dlci == 112 |
| icmp.type | ICMP type code (decimal) | icmp.type == 8 |
| vtp.vlan_info.vlan_name | VLAN name | vtp.vlan_info.vlan_name == "TEST" |
| bgp.originator_id | BGP id (IPv4 address) | bgp.originator_id == 192.168.10.15 |
| bgp.next_hop | BGP Next Hop (IPv4 address) | bgp.next_hop == 192.168.10.15 |
| rip.ip | RIP IPv4 address | rip.ip == 200.0.2.0 |
| ospf.advrouter | OSPF advertising router ID | ospf.advrouter == 192.168.170.8 |
| eigrp.as | EIGRP autonomous system number | eigrp.as == 100 |
| hsrp.virt_ip | HSRP virtual IP address | hsrp.virt_ip == 192.168.23.250 |
| vrrp.ip_addr | VRRP virtual IP address | vrrp.ip_addr == 192.168.23.250 |
| zebra.dest4 | ZEBRA destination IPv4 address | zebra.dest4 == 10.10.10.10 |
| wlan.addr | source or destination MAC address | wlan.addr == 00:1a:6b:ce:fc:bb |
| wlan.sa | source MAC address | wlan.sa == 00:1a:6b:ce:fc:bb |
| wlan.da | destination MAC address | wlan.da == 00:1a:6b:ce:fc:bb |

* Filter for traffic between TCP ports 9011 and 50168, in either direction (source/destination)
- (tcp.dstport == 9011 && tcp.srcport == 50168) || (tcp.srcport == 9011 && tcp.dstport == 50168)
- This traces every record of communication between port 9011 and port 50168
- After applying the filter, select one row and look at its Transmission Control Protocol details to find the Stream index
- Adding tcp.stream==[index] to the filter as an extra condition restricts the results to a single connection
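
The following is an added example, not part of the original page: a simplified Python model of the procedure above, showing that the port-pair filter can match more than one connection and that the stream index separates them. The `Pkt` record, the `PACKETS` sample and all function names are assumptions made for illustration; the model gives one index per endpoint pair in order of first appearance and does not handle later reuse of the same ports by a new connection.

```python
from collections import namedtuple

Pkt = namedtuple("Pkt", "src sport dst dport")

# Constructed sample capture (not from the page): clients A and B both use
# source port 50168 towards service port 9011, with one unrelated flow.
PACKETS = [
    Pkt("10.10.10.10", 50168, "10.10.10.20", 9011),   # A -> server
    Pkt("10.10.10.20", 9011, "10.10.10.10", 50168),   # server -> A
    Pkt("10.10.10.10", 60234, "10.10.10.20", 80),     # unrelated
    Pkt("10.10.10.30", 50168, "10.10.10.20", 9011),   # B -> server
    Pkt("10.10.10.10", 50168, "10.10.10.20", 9011),   # A -> server
    Pkt("10.10.10.20", 9011, "10.10.10.30", 50168),   # server -> B
]

def assign_streams(packets):
    """Stream index per packet: one per endpoint pair, numbered from 0 in
    order of first appearance (simplified model of tcp.stream)."""
    seen, out = {}, []
    for p in packets:
        # Direction-independent key: both directions share one stream.
        key = frozenset([(p.src, p.sport), (p.dst, p.dport)])
        out.append(seen.setdefault(key, len(seen)))
    return out

def port_pair_match(p, a=9011, b=50168):
    """The page's filter: (dstport==a && srcport==b) || (srcport==a && dstport==b)."""
    return (p.dport == a and p.sport == b) or (p.sport == a and p.dport == b)

def streams_for_port_pair(packets, a=9011, b=50168):
    """Distinct stream indexes among the packets the port-pair filter matches."""
    idx = assign_streams(packets)
    return sorted({i for p, i in zip(packets, idx) if port_pair_match(p, a, b)})

def follow(packets, stream):
    """Equivalent of adding tcp.stream == <stream>: packets of one connection."""
    idx = assign_streams(packets)
    return [p for p, i in zip(packets, idx) if i == stream]

if __name__ == "__main__":
    for s in streams_for_port_pair(PACKETS):
        print(f"tcp.stream == {s}: {len(follow(PACKETS, s))} packets")
```

On the sample, the port-pair filter alone returns packets from two different clients; only the stream condition isolates one of them.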