| DISPLAY FILTER | EXPLANATION | EXAMPLE |
| --- | --- | --- |
| eth.addr | source or destination MAC address | eth.addr == 00:1a:6b:ce:fc:bb |
| eth.src | source MAC address | eth.src == 00:1a:6b:ce:fc:bb |
| eth.dst | destination MAC address | eth.dst == 00:1a:6b:ce:fc:bb |
| arp.dst.hw_mac | target MAC address | arp.dst.hw_mac == 00:1a:6b:ce:fc:bb |
| arp.dst.proto_ipv4 | target IPv4 address | arp.dst.proto_ipv4 == 10.10.10.10 |
| arp.src.hw_mac | sender MAC address | arp.src.hw_mac == 00:1a:6b:ce:fc:bb |
| arp.src.proto_ipv4 | sender IPv4 address | arp.src.proto_ipv4 == 10.10.10.10 |
| vlan.id | VLAN ID | vlan.id == 16 |
| ip.addr | source or destination IPv4 address | ip.addr == 10.10.10.10 |
| ip.dst | destination IPv4 address | ip.dst == 10.10.10.10 |
| ip.src | source IPv4 address | ip.src == 10.10.10.10 |
| ip.proto | IP protocol (decimal) | ip.proto == 1 |
| ipv6.addr | source or destination IPv6 address | ipv6.addr == 2001::5 |
| ipv6.src | source IPv6 address | ipv6.src == 2001::5 |
| ipv6.dst | destination IPv6 address | ipv6.dst == 2001::5 |
| tcp.port | source or destination TCP port | tcp.port == 20 |
| tcp.dstport | destination TCP port | tcp.dstport == 80 |
| tcp.srcport | source TCP port | tcp.srcport == 60234 |
| udp.port | source or destination UDP port | udp.port == 513 |
| udp.dstport | destination UDP port | udp.dstport == 513 |
| udp.srcport | source UDP port | udp.srcport == 40000 |
| fr.dlci | Frame-Relay DLCI number | fr.dlci == 112 |
| icmp.type | ICMP type code (decimal) | icmp.type == 8 |
| vtp.vlan_info.vlan_name | VLAN name | vtp.vlan_info.vlan_name == "TEST" |
| bgp.originator_id | BGP id (IPv4 address) | bgp.originator_id == 192.168.10.15 |
| bgp.next_hop | BGP Next Hop (IPv4 address) | bgp.next_hop == 192.168.10.15 |
| rip.ip | RIP IPv4 address | rip.ip == 200.0.2.0 |
| ospf.advrouter | OSPF advertising router ID | ospf.advrouter == 192.168.170.8 |
| eigrp.as | EIGRP autonomous system number | eigrp.as == 100 |
| hsrp.virt_ip | HSRP virtual IP address | hsrp.virt_ip == 192.168.23.250 |
| vrrp.ip_addr | VRRP virtual IP address | vrrp.ip_addr == 192.168.23.250 |
| zebra.dest4 | ZEBRA destination IPv4 address | zebra.dest4 == 10.10.10.10 |
| wlan.addr | source or destination MAC address | wlan.addr == 00:1a:6b:ce:fc:bb |
| wlan.sa | source MAC address | wlan.sa == 00:1a:6b:ce:fc:bb |
| wlan.da | destination MAC address | wlan.da == 00:1a:6b:ce:fc:bb |

* Filter for the case where the source and destination TCP ports are 9011 or 50168
- (tcp.dstport == 9011 && tcp.srcport == 50168) || (tcp.srcport == 9011 && tcp.dstport == 50168)
- This lets you trace every record of communication between port 9011 and port 50168.
- After applying the filter, select one row and look at its Transmission Control Protocol details to find the Stream index.
- Adding tcp.stream==[index] to the filter as a condition narrows the result to the information for a single connection.
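
Why the tcp.stream step matters, as an added example that is not part of the original page: the port-pair filter alone can match several connections when different hosts use the same two ports. The packets are constructed, the function names are hypothetical, and the stream numbering is a simplified model (one index per bidirectional address/port pair, in order of first appearance, ignoring port reuse).

```python
# Constructed sample packets: (src_ip, src_port, dst_ip, dst_port).
# These are illustrative values, not taken from a real capture.
PACKETS = [
    ("10.10.10.10", 50168, "10.10.10.20", 9011),
    ("10.10.10.30", 44321, "10.10.10.20", 80),
    ("10.10.10.20", 9011, "10.10.10.10", 50168),
    ("10.10.10.40", 50168, "10.10.10.20", 9011),  # other client, same port pair
    ("10.10.10.20", 9011, "10.10.10.40", 50168),
    ("10.10.10.10", 50168, "10.10.10.20", 9011),
]


def assign_streams(packets):
    """Simplified model of tcp.stream: give each bidirectional
    (ip, port) <-> (ip, port) conversation the next free index."""
    seen = {}
    indexes = []
    for src, sport, dst, dport in packets:
        key = frozenset([(src, sport), (dst, dport)])  # direction-independent
        indexes.append(seen.setdefault(key, len(seen)))
    return indexes


def port_pair_filter(packets, a, b):
    """1-based frame numbers matching
    (tcp.dstport == a && tcp.srcport == b) || (tcp.srcport == a && tcp.dstport == b)."""
    return [
        n
        for n, (_, sport, _, dport) in enumerate(packets, start=1)
        if (dport == a and sport == b) or (sport == a and dport == b)
    ]


def stream_filter(packets, a, b, index):
    """Port-pair filter with the extra condition tcp.stream == index."""
    streams = assign_streams(packets)
    return [n for n in port_pair_filter(packets, a, b) if streams[n - 1] == index]


if __name__ == "__main__":
    print("streams per frame:", assign_streams(PACKETS))
    print("port pair only   :", port_pair_filter(PACKETS, 9011, 50168))
    print("plus stream 0    :", stream_filter(PACKETS, 9011, 50168, 0))
    print("plus stream 2    :", stream_filter(PACKETS, 9011, 50168, 2))
```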