265
Table 35 Relational operators for capture filters
Nonalphanumeric
symbol
Description
=
Equal to.
For example,
ip[6]=0x1c
matches an IPv4 packet if its seventh byte of payload is
equal to 0x1c.
!=
Not equal to.
For example,
len!=60
matches a packet if its length is not equal to 60 bytes.
>
Greater than.
For example,
len>100
matches a packet if its length is greater than 100 bytes.
<
Less than.
For example,
len<100
matches a packet if its length is less than 100 bytes.
>=
Greater than or equal to.
For example,
len>=100
matches a packet if its length is greater than or equal to
100 bytes.
<=
Less than or equal to.
For example,
len<=100
matches a packet if its length is less than or equal to 100
bytes.
Display filter keywords
Table 36 and Table 37 describe the qualifiers and variables for display filters, respectively.
Table 36 Qualifiers for display filters
Category Description Examples
Protocol Matches a protocol.
• eth—Matches Ethernet.
• ftp—Matches FTP.
• http—Matches HTTP.
• icmp—Matches ICMP.
• ip—Matches IPv4.
• ipv6—Matches IPv6.
• tcp—Matches TCP.
• telnet—Matches Telnet.
• udp—Matches UDP.
Packet field
Matches a field in packets by using a
dotted string in the
protocol
.
field[
.
level1-subfield]…[
.
leveln-
subfield] format.
• tcp.flags.syn—Matches the SYN bit in the
flags field of TCP.
• tcp.port—Matches the source or
destination port field.
NOTE:
The protocol qualifiers cannot modify variables.
Table 37 Variable types for display filters
Variable
type
Description
Integer
Represented in binary, octal, decimal, or hexadecimal notation.
For example, to display IP packets that are less than or equal to 1500 bytes, use one of the
following expressions:
To Next Page
Loading...
Need help?
General
