236
Table 31 Relational operators for capture filters
Nonalphanumeric
Description
=
Equal to.
For example,
ip[6]=0x1c
matches an IPv4 packet if its seventh byte of payload is
equal to 0x1c.
!=
Not equal to.
For example,
matches a packet if its length is not equal to 60 bytes.
>
Greater than.
For example,
matches a packet if its length is greater than 100 bytes.
<
Less than.
For example,
len<100
matches a packet if its length is less than 100 bytes.
>=
Greater than or equal to.
For example,
len>=100
matches a packet if its length is greater than or equal to
100 bytes.
<=
Less than or equal to.
For example,
len<=100
matches a packet if its length is less than or equal to 100
bytes.
Display filter keywords
Table 32 and Table 33 describe the qualifiers and variables for display filters, respectively.
Table 32 Qualifiers for display filters
Protocol Matches a protocol.
• eth—Matches Ethernet.
• ftp—Matches FTP.
• icmp—Matches ICMP.
• ip—Matches IPv4.
• ipv6—Matches IPv6.
• tcp—Matches TCP.
• telnet—Matches Telnet.
• udp—Matches UDP.
Packet field
Matches a field in packets by using a
protocol
.
field[
.
level1-subfield]…[
.
leveln-
subfield] format.
• tcp.flags.syn—
the flags field of TCP.
• tcp.port—Matches the s
destination port field.
The protocol qualifiers cannot modify variables.
Table 33 Variable types for display filters
Variable
Description
Integer
Represented in binary, octal, decimal, or hexadecimal notation.
For example, to display IP packets that are less than or equal to 1500 bytes, use one of the
following expressions:
To Next Page
Loading...
Need help?
General