Details

CEH Certified Ethical Hacker 312-50: Wireshark Filters
Total cards: 36
Subject: Computer Science
Level: Professional
Created: 02/04/2014

Cards

Term
tcp
Definition
Show only TCP packets.
Term
tcp.stream eq 2
Definition
follow a single communication stream.
Term
ip.dst == 10.0.100.9
Definition
show all packets destined for 10.0.100.9
Term
ip.addr == 10.0.100.9
Definition
Show all packets from or to 10.0.100.9
Term
ip.src == 10.0.100.9
Definition
Show all packets originating from 10.0.100.9.
Term
ip.id == 0x4ae1
Definition
search for all packets with IP ID 0x4ae1
Term
!
Definition
Negation (like NOT in SQL)
Term
&&
Definition
Synonym for AND
Term
tcp.flags.reset == 1
Definition
All TCP resets
Term
http.request
Definition
All http requests
Term
tcp contains "traffic"
Definition
All TCP packets whose payload contains the string 'traffic'.
Term
tcp.analysis.retransmission
Definition
display all retransmissions in a trace.
Term
tcp.dstport == 3128
Definition
Displays packets with destination TCP port 3128.
Term
ip.src==10.1.1.1
Definition
Displays packets with source IP address equal to 10.1.1.1.
Term
ip.addr == 10.1.2.3
Definition
Displays packets with source or destination IP address equal to 10.1.2.3.
Term
src portrange 2000-2500
Definition
Displays packets with source UDP or TCP ports in the 2000-2500 range.
Term
not icmp
Definition
Displays everything except icmp packets. (icmp is typically used by the Ping tool)
Term
src host 10.7.2.12 and not dst net 10.200.0.0/16
Definition
Displays packets with source IP address equal to 10.7.2.12 whose destination is not in the 10.200.0.0/16 network.
Term
(src host 10.4.1.12 or src net 10.6.0.0/16) and tcp dst portrange 200-10000 and dst net 10.0.0.0/8
Definition
Displays packets whose source IP address is 10.4.1.12 or whose source network is 10.6.0.0/16, and which additionally have a destination TCP port in the range 200-10000 and a destination address in the 10.0.0.0/8 network (all three conditions are ANDed).
Term
snmp || dns || icmp
Definition
Display SNMP, DNS, or ICMP traffic.
Term
ip.addr == 10.1.1.1
Definition
Displays the packets with source or destination IP address equal to 10.1.1.1.
Term
ip.src != 10.1.2.3 or ip.dst != 10.4.5.6
Definition
Displays the packets with a source IP address different from 10.1.2.3 or with a destination IP different from 10.4.5.6.
Term
ip.src != 10.1.2.3 and ip.dst != 10.4.5.6
Definition
Displays the packets with a source IP different from 10.1.2.3 and, at the same time, a destination IP different from 10.4.5.6.
Term
tcp.port == 25
Definition
Display packets with TCP source or destination port 25.
Term
tcp.dstport == 25
Definition
Display packets with TCP destination port 25.
Term
tcp.flags
Definition
Display packets that have a TCP flags field.
Term
tcp.flags.syn==1
Definition
Display packets with a TCP SYN flag.
Term
ip.src!=10.0.0.5
Definition
Source IP address NOT equal to 10.0.0.5.
Term
ip.addr == 129.111.0.0/16
Definition
All packets in the 129.111 Class-B network (Classless Inter-Domain Routing (CIDR) notation can be used to test whether an IPv4 address is in a certain subnet).
Term
ipv6.addr == 1
Definition
IPv6 address (ipv6.addr matches either the source or the destination address).
Term
!(ip.addr == 1.2.3.4)
Definition
Filters out all packets containing IP datagrams to or from IP address 1.2.3.4
Term
ip.addr==10.0.0.1 && ip.addr==10.0.0.2
Definition
sets a conversation filter between the two defined IP addresses
Term
http or dns
Definition
sets a filter to display all http and dns
Term
tcp.port==4000
Definition
Sets a filter for any TCP packet with 4000 as the source or destination port.
Term
!(arp or icmp or dns)
Definition
Masks out ARP, ICMP, DNS, or whatever other protocols may be background noise, allowing you to focus on the traffic of interest.
Term
udp contains 33:27:58
Definition
Sets a filter for UDP packets containing the hex byte sequence 0x33 0x27 0x58 at any offset.