dns.qry.name == "www.cordero.me"
dns.qry.name matches ".cordero.me"
dns.qry.name contains "cordero.me"
tcp.flags.reset == 1
tcp.flags.push == 1
tcp.flags.syn == 1
ip.addr == 172.16.200.1
ip.src == 172.16.200.1
ip.dst == 172.16.200.1
tcp.port eq 53
udp.port eq 53
Client Hello:
tls.handshake.type == 1
Server Hello:
tls.handshake.type == 2
Certificate:
tls.handshake.type == 11
Cipher Suites:
tls.handshake.ciphersuite
TLS Message types
Code | Description |
---|---|
0 | HelloRequest |
1 | ClientHello |
2 | ServerHello |
4 | NewSessionTicket |
8 | EncryptedExtensions (TLS 1.3 only) |
11 | Certificate |
12 | ServerKeyExchange |
13 | CertificateRequest |
14 | ServerHelloDone |
15 | CertificateVerify |
16 | ClientKeyExchange |
20 | Finished |
Traffic type | Capture filter(s) | Display filter(s) [wireshark] |
---|---|---|
RIPv2 | udp port 520 | udp.port==520 |
EIGRP | ip proto eigrp | ip.proto==88 |
OSPF | ip proto ospf | ip.proto==89 |
LDP | udp port 646 or tcp port 646 | udp.port==646 or tcp.port==646 |
PIM | ip proto \pim | pim |
IGMP | ip proto \igmp | igmp |
BGP | tcp port 179 | tcp.port==179 |
ICMP | ip proto \icmp | icmp |
Wireshark display filter operands
and | && |
or | or |
= | == |
protocol and port | udp.port== tcp.port== |
source or dest ip | ip.src== ip.dst== |