04 Flashcards
What filter gives me the Ethernet layer's ARP traffic?
eth.type == 08 06
What is an ICMPv6 Type 0x80 message?
Echo request
What filter gives me the Ethernet layer's IPv4 traffic?
eth.type == 08 00
What filter gives me the Ethernet layer's IPv6 traffic?
eth.type == 86 dd
What filter will give me all of the arp requests/replies?
arp.opcode == 1 (requests)
arp.opcode == 2 (reply)
What filter will give me the source ip address of ipv4 within an arp header?
arp.src.proto_ipv4 == ""
What filter will show me all ipv4 packets with the more fragments flag turned on?
ip.flags.mf==1
What filter will show me all ipv4 packets with the offset turned on?
ip.frag_offset>0
What command will give me all ipv6 traffic with the next protocol being UDP?
ipv6.nxt == 0x11
What command will give me all ipv6 traffic with the next protocol being TCP?
ipv6.nxt == 0x06
What command will give me all ipv6 fragmentation traffic?
ipv6.nxt == 0x2c
What command will give me all ipv6 traffic with the next protocol being ICMPv6?
ipv6.nxt == 0x3a
What command will show me all icmpv4 informational traffic?
icmp.type in {8 0}
What command will show me all icmpv4 error traffic?
icmp.type in {3 5 11}
What are these icmpv6 types?
128
129
133
134
135
136
137
Echo Request
Echo Reply
Router solicitation
Router advertisement
Neighbor solicitation
Neighbor advertisement
Redirect message
What icmpv6 filter will give me all router solicitation traffic?
icmpv6.type == 133
How do I get all tcp syn traffic?
tcp.flags in {0x02}
How do I get all tcp ack traffic?
tcp.flags in {0x10 0x12}
How do I show all packets coming from a web server?
tcp.srcport == 80
How do I show all dns queries?
udp.port == 53
Within the ip proto field, what does 01 represent?
icmp
Within the ip proto field, what does 06 represent?
tcp
Within the ip proto field, what does 11 represent?
udp
Within the ipv4 fragments field, what does each flag represent?
0
2
4
8
may fragment
more fragments
don't fragment
reserved