TODO decrypt_krb5_data => proto_tree_add_expert_format cryptotvb TODO: decrypted_tvb
[metze/wireshark/wip.git] / colorfilters
index 18b5f2b8cfe674c32eb383faa0ff807ece69c2f2..c9848198b2301a935dae05a622e4dd300fa12fff 100644 (file)
@@ -8,38 +8,14 @@
 @ICMP@icmp || icmpv6@[64764,57568,65535][4718,10030,11796]
 @TCP RST@tcp.flags.reset eq 1@[42148,0,0][65535,64764,40092]
 @SCTP ABORT@sctp.chunk_type eq ABORT@[42148,0,0][65535,64764,40092]
-@TTL low or unexpected@( ! ip.dst == 224.0.0.0/4 && ip.ttl < 5 && !pim) || (ip.dst == 224.0.0.0/24 && ip.ttl != 1)@[42148,0,0][60652,61680,60395]
-@Checksum Errors@eth.fcs_bad==1 || ip.checksum_bad==1 || tcp.checksum_bad==1 || udp.checksum_bad==1 || sctp.checksum_bad==1 || mstp.checksum_bad==1 || cdp.checksum_bad==1 || edp.checksum_bad==1 || wlan.fcs_bad==1@[4718,10030,11796][63479,34695,34695]
-@SMB@smb || nbss || nbns || nbipx || ipxsap || netbios@[65278,65535,53456][4718,10030,11796]
-@HTTP@http || tcp.port == 80@[58596,65535,51143][4718,10030,11796]
-@IPX@ipx || spx@[65534,58325,58808][4718,10030,11796]
+@TTL low or unexpected@( ! ip.dst == 224.0.0.0/4 && ip.ttl < 5 && !pim && !ospf) || (ip.dst == 224.0.0.0/24 && ip.dst != 224.0.0.251 && ip.ttl != 1 && !(vrrp || carp))@[42148,0,0][60652,61680,60395]
+@Checksum Errors@eth.fcs.status=="Bad" || ip.checksum.status=="Bad" || tcp.checksum.status=="Bad" || udp.checksum.status=="Bad" || sctp.checksum.status=="Bad" || mstp.checksum.status=="Bad" || cdp.checksum.status=="Bad" || edp.checksum.status=="Bad" || wlan.fcs.status=="Bad" || stt.checksum.status=="Bad"@[4718,10030,11796][63479,34695,34695]
+@SMB@smb || nbss || nbns || netbios@[65278,65535,53456][4718,10030,11796]
+@HTTP@http || tcp.port == 80 || http2@[58596,65535,51143][4718,10030,11796]
 @DCERPC@dcerpc@[51199,38706,65533][4718,10030,11796]
-@Routing@hsrp || eigrp || ospf || bgp || cdp || vrrp || gvrp || igmp || ismp@[65534,62325,54808][4718,10030,11796]
+@Routing@hsrp || eigrp || ospf || bgp || cdp || vrrp || carp || gvrp || igmp || ismp@[65534,62325,54808][4718,10030,11796]
 @TCP SYN/FIN@tcp.flags & 0x02 || tcp.flags.fin == 1@[41026,41026,41026][4718,10030,11796]
 @TCP@tcp@[59345,58980,65535][4718,10030,11796]
 @UDP@udp@[56026,61166,65535][4718,10030,11796]
 @Broadcast@eth[0] & 1@[65535,65535,65535][47802,48573,46774]
-
-# Bluetooth
-# For Bluetooth each color is assigned to dissector,
-# but higher position on that list is needed for meet encapsulation
-# requirements, for example AVRCP is on top of AVCTP,
-# AVCTP is on top of L2CAP, etc.
-@AVRCP@btavrcp@[42408,33825,25486][5111,4915,4652]
-@AVCTP@btavctp@[52805,45039,37599][5111,4915,4652]
-@HCRP@bthcrp@[38416,38416,38416][5111,4915,4652]
-@BNEP@btbnep@[46590,24119,49858][5111,4915,4652]
-@HID@bthid@[47057,38562,38562][5111,4915,4652]
-@OBEX@btobex@[15856,45391,43152][5111,4915,4652]
-@SAP@btsap@[51110,54321,18857][5111,4915,4652]
-@HFP@bthfp@[57840,49413,65535][5111,4915,4652]
-@DUN@btdun@[54914,48086,52739][7995,7208,6946]
-@GNSS@btgnss@[65535,56858,42421][7995,7208,6946]
-@RFCOMM@btrfcomm@[64249,44202,25136][5111,4915,4652]
-@MCAP@btmcap@[62194,62965,53970][5111,4915,4652]
-@SDP@btsdp@[34255,42642,22057][5111,4915,4652]
-@ATT@btatt@[35252,51463,40197][7995,7208,6946]
-@L2CAP@btl2cap@[58215,49541,23520][4718,10030,11796]
-@SCO@bthci_sco@[65535,28803,61093][5111,4915,4652]
-@HCI_EVT@bthci_evt@[47126,60905,65535][5111,4915,4652]
-@HCI_CMD@bthci_cmd@[18901,48590,65535][4718,10030,11796]
+@System Event@systemd_journal || sysdig@[59110,59110,59110][11565,28527,39578]