git.samba.org / metze / wireshark / wip.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: d318182)
Update "TTL low or unexpected" coloring rule to ignore vrrp, carp and MulticastDNS...
authormmann <mmann@f5534014-38df-0310-8fa8-9805f1628bb7>
Tue, 18 Jun 2013 20:48:42 +0000 (20:48 +0000)
committermmann <mmann@f5534014-38df-0310-8fa8-9805f1628bb7>
Tue, 18 Jun 2013 20:48:42 +0000 (20:48 +0000)
Add carp to routing protocols while we're at it.

git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@50014 f5534014-38df-0310-8fa8-9805f1628bb7

colorfilters patch | blob | history
profiles/Bluetooth/colorfilters patch | blob | history
profiles/Classic/colorfilters patch | blob | history

diff --git a/colorfilters b/colorfilters
index 8ff8df6d5aeb36d1ae8a3bc584a18ca87ca85e33..28974f404a45389fb6f303dc69aecb0112b7b225 100644 (file)
--- a/colorfilters
+++ b/colorfilters
@@ -8,13 +8,13 @@
 @ICMP@icmp || icmpv6@[64764,57568,65535][4718,10030,11796]
 @TCP RST@tcp.flags.reset eq 1@[42148,0,0][65535,64764,40092]
 @SCTP ABORT@sctp.chunk_type eq ABORT@[42148,0,0][65535,64764,40092]
-@TTL low or unexpected@( ! ip.dst == 224.0.0.0/4 && ip.ttl < 5 && !pim) || (ip.dst == 224.0.0.0/24 && ip.ttl != 1)@[42148,0,0][60652,61680,60395]
+@TTL low or unexpected@( ! ip.dst == 224.0.0.0/4 && ip.ttl < 5 && !pim) || (ip.dst == 224.0.0.0/24 && ip.dst != 224.0.0.251 && ip.ttl != 1 && !(vrrp || carp))@[42148,0,0][60652,61680,60395]
 @Checksum Errors@eth.fcs_bad==1 || ip.checksum_bad==1 || tcp.checksum_bad==1 || udp.checksum_bad==1 || sctp.checksum_bad==1 || mstp.checksum_bad==1 || cdp.checksum_bad==1 || edp.checksum_bad==1 || wlan.fcs_bad==1@[4718,10030,11796][63479,34695,34695]
 @SMB@smb || nbss || nbns || nbipx || ipxsap || netbios@[65278,65535,53456][4718,10030,11796]
 @HTTP@http || tcp.port == 80@[58596,65535,51143][4718,10030,11796]
 @IPX@ipx || spx@[65534,58325,58808][4718,10030,11796]
 @DCERPC@dcerpc@[51199,38706,65533][4718,10030,11796]
-@Routing@hsrp || eigrp || ospf || bgp || cdp || vrrp || gvrp || igmp || ismp@[65534,62325,54808][4718,10030,11796]
+@Routing@hsrp || eigrp || ospf || bgp || cdp || vrrp || carp || gvrp || igmp || ismp@[65534,62325,54808][4718,10030,11796]
 @TCP SYN/FIN@tcp.flags & 0x02 || tcp.flags.fin == 1@[41026,41026,41026][4718,10030,11796]
 @TCP@tcp@[59345,58980,65535][4718,10030,11796]
 @UDP@udp@[56026,61166,65535][4718,10030,11796]
diff --git a/profiles/Bluetooth/colorfilters b/profiles/Bluetooth/colorfilters
index f10273168effe3c2e1aefe90fe0e1cdd9d6496f0..5d14a3ce4670a9a2532dd8905d389e48ead62fb1 100644 (file)
--- a/profiles/Bluetooth/colorfilters
+++ b/profiles/Bluetooth/colorfilters
@@ -8,13 +8,13 @@
 @ICMP@icmp || icmpv6@[64764,57568,65535][4718,10030,11796]
 @TCP RST@tcp.flags.reset eq 1@[42148,0,0][65535,64764,40092]
 @SCTP ABORT@sctp.chunk_type eq ABORT@[42148,0,0][65535,64764,40092]
-@TTL low or unexpected@( ! ip.dst == 224.0.0.0/4 && ip.ttl < 5 && !pim) || (ip.dst == 224.0.0.0/24 && ip.ttl != 1)@[42148,0,0][60652,61680,60395]
+@TTL low or unexpected@( ! ip.dst == 224.0.0.0/4 && ip.ttl < 5 && !pim) || (ip.dst == 224.0.0.0/24 && ip.dst != 224.0.0.251 && ip.ttl != 1 && !(vrrp || carp))@[42148,0,0][60652,61680,60395]\r
 @Checksum Errors@eth.fcs_bad==1 || ip.checksum_bad==1 || tcp.checksum_bad==1 || udp.checksum_bad==1 || sctp.checksum_bad==1 || mstp.checksum_bad==1 || cdp.checksum_bad==1 || edp.checksum_bad==1 || wlan.fcs_bad==1@[4718,10030,11796][63479,34695,34695]
 @SMB@smb || nbss || nbns || nbipx || ipxsap || netbios@[65278,65535,53456][4718,10030,11796]
 @HTTP@http || tcp.port == 80@[58596,65535,51143][4718,10030,11796]
 @IPX@ipx || spx@[65534,58325,58808][4718,10030,11796]
 @DCERPC@dcerpc@[51199,38706,65533][4718,10030,11796]
-@Routing@hsrp || eigrp || ospf || bgp || cdp || vrrp || gvrp || igmp || ismp@[65534,62325,54808][4718,10030,11796]
+@Routing@hsrp || eigrp || ospf || bgp || cdp || vrrp || carp || gvrp || igmp || ismp@[65534,62325,54808][4718,10030,11796]
 @TCP SYN/FIN@tcp.flags & 0x02 || tcp.flags.fin == 1@[41026,41026,41026][4718,10030,11796]
 @TCP@tcp@[59345,58980,65535][4718,10030,11796]
 @UDP@udp@[56026,61166,65535][4718,10030,11796]
diff --git a/profiles/Classic/colorfilters b/profiles/Classic/colorfilters
index 649ab7703416fce5a753de1b33b6987655607040..79a129f2a256d77817407fe13379d2c8ccd25614 100644 (file)
--- a/profiles/Classic/colorfilters
+++ b/profiles/Classic/colorfilters
@@ -8,13 +8,13 @@
 @ICMP@icmp || icmpv6@[49680,49737,65535][0,0,0]
 @TCP RST@tcp.flags.reset eq 1@[37008,0,0][65535,63121,32911]
 @SCTP ABORT@sctp.chunk_type eq ABORT@[37008,0,0][65535,63121,32911]
-@TTL low or unexpected@( ! ip.dst == 224.0.0.0/4 && ip.ttl < 5 && !pim) || (ip.dst == 224.0.0.0/24 && ip.ttl != 1)@[37008,0,0][65535,65535,65535]
+@TTL low or unexpected@( ! ip.dst == 224.0.0.0/4 && ip.ttl < 5 && !pim) || (ip.dst == 224.0.0.0/24 && ip.dst != 224.0.0.251 && ip.ttl != 1 && !(vrrp || carp))@[42148,0,0][60652,61680,60395]\r
 @Checksum Errors@cdp.checksum_bad==1 || edp.checksum_bad==1 || ip.checksum_bad==1 || tcp.checksum_bad==1 || udp.checksum_bad==1 || sctp.checksum_bad==1 || mstp.checksum_bad==1@[0,0,0][65535,24383,24383]
 @SMB@smb || nbss || nbns || nbipx || ipxsap || netbios@[65534,64008,39339][0,0,0]
 @HTTP@http || tcp.port == 80@[36107,65535,32590][0,0,0]
 @IPX@ipx || spx@[65534,58325,58808][0,0,0]
 @DCERPC@dcerpc@[51199,38706,65533][0,0,0]
-@Routing@hsrp || eigrp || ospf || bgp || cdp || vrrp || gvrp || igmp || ismp@[65534,62325,54808][0,0,0]
+@Routing@hsrp || eigrp || ospf || bgp || cdp || vrrp || carp || gvrp || igmp || ismp@[65534,62325,54808][0,0,0]
 @TCP SYN/FIN@tcp.flags & 0x02 || tcp.flags.fin == 1@[41026,41026,41026][0,0,0]
 @TCP@tcp@[59345,58980,65534][0,0,0]
 @UDP@udp@[28834,57427,65533][0,0,0]
Unnamed repository; edit this file to name it for gitweb.