
The “frame” protocol can be useful, encompassing all the data captured by Wireshark or TShark.

IPv4 addresses can be represented in either dotted decimal notation or by using the hostname. IPv4 addresses can be compared with the same logical relations as numbers: eq, ne, gt, ge, lt, and le.

CIDR notation can also be used with hostnames, as in this example of finding IP addresses on the same Class C network as 'sneeze':

CIDR notation can only be used on IP addresses or hostnames, not in variable names.

For example, a token-ring packet's source route field is Boolean. Integer fields are converted to their decimal representation.

An integer may be expressed in decimal, octal, or hexadecimal notation, or as a C-style character constant.

upper() and lower() are useful for performing case-insensitive string comparisons. The “matches” or “~” operator allows a filter to apply to a specified Perl-compatible regular expression (PCRE). The “contains” operator cannot be used on atomic fields, such as numbers or IP addresses.

Think of a protocol or field in a filter as implicitly having the “exists” operator.
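The numeric comparison and CIDR matching of IPv4 addresses described above, modeled in Python as an added example (not code from Wireshark or from the original page). The helper names and the sample records are assumptions constructed for illustration.

```python
import ipaddress
import operator

# Relational operators the page lists for IPv4 fields.
OPS = {"eq": operator.eq, "ne": operator.ne, "gt": operator.gt,
       "ge": operator.ge, "lt": operator.lt, "le": operator.le}


def ip_compare(field_value, op, literal):
    """Compare two IPv4 addresses as 32-bit numbers, not as strings."""
    return OPS[op](int(ipaddress.IPv4Address(field_value)),
                   int(ipaddress.IPv4Address(literal)))


def ip_in_cidr(field_value, cidr):
    """Model a CIDR match: equal once both sides are masked to the prefix."""
    # strict=False accepts host bits in the literal, e.g. a host address "/24".
    net = ipaddress.IPv4Network(cidr, strict=False)
    return ipaddress.IPv4Address(field_value) in net


def select(packets, field, predicate):
    """Return frame numbers where `field` exists and satisfies `predicate`.

    A record without the field never matches, which models the implicit
    "exists" test that naming a field in a filter carries.
    """
    return [p["frame"] for p in packets if field in p and predicate(p[field])]


# Constructed sample records (not taken from a real capture).
PACKETS = [
    {"frame": 1, "ip.src": "10.0.0.9"},
    {"frame": 2, "ip.src": "10.0.0.10"},
    {"frame": 3, "ip.src": "10.0.1.5"},
    {"frame": 4},  # non-IP frame: the ip.src field does not exist
]

if __name__ == "__main__":
    # Numeric comparison: 10.0.0.10 is greater than 10.0.0.9.
    print(select(PACKETS, "ip.src", lambda v: ip_compare(v, "gt", "10.0.0.9")))
    # A plain string comparison gets the same pair wrong.
    print("10.0.0.10" > "10.0.0.9")
    # Same /24 as a given host address.
    print(select(PACKETS, "ip.src", lambda v: ip_in_cidr(v, "10.0.0.77/24")))
    # Bare field name: existence check only.
    print(select(PACKETS, "ip.src", lambda v: True))
```

The string comparison line shows why address ranges should be filtered on the address field itself rather than on a text rendering of it.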


The simplest filter allows you to check for the existence of a protocol or field.
