Filter
Top Products
Table 6.4. Display Filter Logical Operations
English C-like Description and example
and &&
Logical AND
ip.addr==10.0.0.5 and tcp.flags.fin
or ||
Logical OR
ip.addr==10.0.0.5 or ip.addr==192.1.1.1
xor ^^
Logical XOR
tr.dst[0:3] == 0.6.29 xor tr.src[0:3] == 0.6.29
not !
Logical NOT
not llc
[...]
Substring Operator
Ethereal allows you to select subsequences of a sequence in rather elaborate ways.
After a label you can place a pair of brackets [] containing a comma separated list of
range specifiers.
eth.src[0:3] == 00:00:83
The example above uses the n:m format to specify a single range. In this case n is the
beginning offset and m is the length of the range being specified.
eth.src[1-2] == 00:83
The example above uses the n-m format to specify a single range. In this case n is the
beginning offset and m is the ending offset.
eth.src[:4] == 00:00:83:00
The example above uses the :m format, which takes everything from the beginning of
a sequence to offset m. It is equivalent to 0:m
eth.src[4:] == 20:20
The example above uses the n: format, which takes everything from offset n to the end
of the sequence.
Working with captured packets
107