Match packets containing the (arbitrary) 3-byte sequence 0x81, 0圆0, 0x03 at the beginning of the UDP payload, skipping the 8-byte UDP header.
Sasser worm: –What sasser really did– ls_ads.opnum=0x09 TCP buffer full – Source is instructing Destination to stop sending data tcp.window_size = 0 & != 1įilter on Windows – Filter out noise, while watching Windows Client - DC exchanges smb || nbns || dcerpc || nbss || dns Show only traffic in the LAN (.x), between workstations and servers – no Internet: ip.src=192.168.0.0/16 and ip.dst=192.168.0.0/16 Show only SMTP (port 25) and ICMP traffic: tcp.port eq 25 or icmp See also CaptureFilters: Capture filter is not a display filter. Capture filters (like tcp port 80) are not to be confused with display filters (like tcp.port = 80).
0 kommentar(er)
