# NetFilters Filters


ip.host($HOST)
ip traffic to/from the specified host
ip.between($HOST1,$HOST2)
ip traffic between two specified hosts
ip.between($HOST1,$HOST2) or ip.between($HOST1,$HOST3)
ip traffic between $HOST1 and $HOST2, or between $HOST1 and $HOST3




((ip.src & $NETMASK) != $NETADDR) and ((ip.dst & $NETMASK) != $NETADDR) 
ip packets routed through this net but neither originate nor terminate on it
((ip.src & $NETMASK) == $NETADDR) and ((ip.dst & $NETMASK) != $NETADDR)
ip packets that originate on this network but go to another network
((ip.src & $NETMASK) != $NETADDR) and ((ip.dst & $NETMASK) == $NETADDR)
ip packets that originate on another network but terminate on this network
((ip.src & $NETMASK) == $NETADDR) and ((ip.dst & $NETMASK) == $NETADDR)
local ip network traffic only


ip
Internet Protocol - DARPA Internet RFC 791
udp
User Datagram Protocol - DARPA Internet RFC 768
tcp
Transmission Control Protocol - DARPA Internet RFC 793
nfs
Network File System Protocol - DARPA Internet RFC 1094
sunrpc
Sun Remote Procedure Call Protocol - DARPA Internet RFC 1057
bootp
Bootstrap Protocol - DARPA Internet RFC 1084
ftp
File Transfer Protocol - various DARPA RFCs
telnet
TELNET network terminal protocol - various DARPA RFCs
rlogin
4.2 BSD rlogin (remote login) - DARPA RFC 1282
rcp
4.2 BSD copy protocol using remote shell
nlm
Sun Network Lock Manager Protocol
pmap
Sun Portmap Protocol
tsp
Time Synchronization Protocol - DARPA RFC 1129
rip
Routing Information Protocol - DARPA Internet RFC 1058
tftp 
Trivial File transfer Protocol - DARPA Internet RFC 783
dns
Domain Name Service
snmp
Simple Network Management Protcol - DARPA Internet RFC 1157
icmp
Internet Control Message Protocol - DARPA Internet RFC 792
igmp
Internet Group Management Protocol
arp
Address Resolution Protocol - IP to MAC layer
arpip
Address Resolution Protocol for IP-based networks
rarp
Reverse Address Resolution Protocol - MAC layer to IP
decnet
Digital Equipment Corporation Network Protocol
nsp
DECnet Network Service Protocol
lat
DECnet Local Area Transport protocol for terminals
xtp
Xpress Transfer Protocol (Protocol Engines Inc.) - PEI 92-10
idp
XNS Internet Datagram Protocol
ipx
Novell Internetwork Packet Exchange


snoop.error
packets with any errors
snoop.frame
packets with framing errors
snoop.checksum
packets with checksum errors
snoop.toobig
packets that are too large ("toobig" error)
snoop.toosmall
packets that are too small ("toosmall" error)
snoop.nobufs
packets with buffer shortage flag set


dst == ff:ff:ff:ff:ff:ff
ethernet broadcast


smtp
mail (Simple Mail Transport Protocol)
x11
X11 Windowing system (X-server port)
tcp.port(119)
network news (Network News Transport Protocol)
ip.dst == 224.0.1.2 and udp.dport == 5133
bz (sgi tank game)
ip.dst == 224.0.1.2 and udp.dport == 5130
dogfight
string($LEN, $OFFSET) == "$VALUE"
capture packets that have the specified value at the specified offset


decnet.between($HOST1,$HOST2)
decnet traffic between two decnet hosts


afp
appletalk phase 1
afp2
appletalk phase 2
elap
EtherTalk Link Access Protocol, phase 1
ddp
AppleTalk Datagram Delivery Protocol, phase 1
ddp2
AppleTalk Datagram Delivery Protocol, phase 2


osi
Open Systems Interconnection Protocols
sna
IBM Systems Network Architecture Protocols
vines
Banyan VINES network file system protocols
netbios
Netbios service protocol
