dns.qry.name == “www.cordero.me”
dns.qry.name matches “.cordero.me”
dns.qry.name contains “cordero.me”
tcp.flags.reset == 1
tcp.flags.push == 1
tcp.flags.syn == 1
ip.addr == 172.16.200.1
ip.src == 172.16.200.1
ip.dst == 172.16.200.1
tcp.port eq 53
udp.port eq 53
Client Hello:
tls.handshake.type == 1
Server Hello:
tls.handshake.type == 2
Certificate:
tls.handshake.type == 11
Cipher Suites:
tls.handshake.ciphersuite
| TLS Message types | |
|---|---|
| Code | Description |
| 0 | HelloRequest |
| 1 | ClientHello |
| 2 | ServerHello |
| 4 | NewSessionTicket |
| 8 | EncryptedExtensions (TLS 1.3 only) |
| 11 | Certificate |
| 12 | ServerKeyExchange |
| 13 | CertificateRequest |
| 14 | ServerHelloDone |
| 15 | CertificateVerify |
| 16 | ClientKeyExchange |
| 20 | Finished |
| Traffic type | Capture filter(s) | Display filter(s) [wireshark] |
| RIPv2 | udp port 520 | udp.port==520 |
| EIGRP | ip proto eigrp | ip.proto==88 |
| OSPF | ip proto ospf | ip.proto==89 |
| LDP | udp port 646 or tcp port 646 | udp.port==646 or tcp.port==646 |
| PIM | ip proto pim | pim |
| IGMP | ip proto igmp | igmp |
| BGP | tcp port 179 | tcp.port==179 |
| ICMP | ip proto icmp | icmp |
Wireshark display filter operands
| and | && |
| or | or |
| = | == |
| protocol and port | ip.port== udp.port== tcp.port== |
| source or dest ip | ip.src== ip.dst== |