Add default color filters for SCTP abort messages and checksum errors.
authorJeff Morriss <jeff.morriss@ulticom.com>
Fri, 29 Apr 2011 01:28:28 +0000 (01:28 -0000)
committerJeff Morriss <jeff.morriss@ulticom.com>
Fri, 29 Apr 2011 01:28:28 +0000 (01:28 -0000)
svn path=/trunk/; revision=36944

colorfilters

index a1ef246b4317bfbf7fb1deb36541cd49d2e278b3..d295d67bf4989a2e925da53b56695973279f8442 100644 (file)
@@ -7,8 +7,9 @@
 @ARP@arp@[55011,59486,65534][0,0,0]
 @ICMP@icmp || icmpv6@[49680,49737,65535][0,0,0]
 @TCP RST@tcp.flags.reset eq 1@[37008,0,0][65535,63121,32911]
+@SCTP ABORT@sctp.chunk_type eq ABORT@[37008,0,0][65535,63121,32911]
 @TTL low or unexpected@( ! ip.dst == 224.0.0.0/4 && ip.ttl < 5 && !pim) || (ip.dst == 224.0.0.0/24 && ip.ttl != 1)@[37008,0,0][65535,65535,65535]
-@Checksum Errors@cdp.checksum_bad==1 || edp.checksum_bad==1 || ip.checksum_bad==1 || tcp.checksum_bad==1 || udp.checksum_bad==1 || mstp.checksum_bad==1@[0,0,0][65535,24383,24383]
+@Checksum Errors@cdp.checksum_bad==1 || edp.checksum_bad==1 || ip.checksum_bad==1 || tcp.checksum_bad==1 || udp.checksum_bad==1 || sctp.checksum_bad==1 || mstp.checksum_bad==1@[0,0,0][65535,24383,24383]
 @SMB@smb || nbss || nbns || nbipx || ipxsap || netbios@[65534,64008,39339][0,0,0]
 @HTTP@http || tcp.port == 80@[36107,65535,32590][0,0,0]
 @IPX@ipx || spx@[65534,58325,58808][0,0,0]