Last active: April 10, 2018 10:43
wireshark filters
Mac Address/Hostname
nbns
udp.port eq 67 or udp.port eq 68
-> DHCP; the protocol filter is bootp in Wireshark 2.x and dhcp in 3.0+

IP
ip.addr

HTTP
http.request

HTTPS
ssl.handshake.type == 1
-> TLS Client Hello; the field is tls.handshake.type in Wireshark 3.0+

Kerberos
kerberos
kerberos and ip.addr eq XXX.XXX.XXX.XXX

Windows account name
kerberos.CNameString and !(kerberos.CNameString contains "$")
-> account name is under CNameString (cname) in the AS-REQ/TGS-REQ; names ending in $ are machine accounts, which the filter excludes
or
ip.addr eq 172.16.1.138 and kerberos.CNameString and !(kerberos.CNameString contains "$")
-> if this returns packets, 172.16.1.138 is a Windows host that authenticated to the domain, and CNameString gives the user

Domain Controller Traffic
udp.port eq 138
nbdgm.type == 17
-> NetBIOS datagram service; type 0x11 (direct group datagram) carries browser/host announcements with the domain or workgroup name

TCP Syn
tcp.flags eq 0x0002

Associated dns
http.request or (tcp.flags eq 0x0002 and !(ip.dst eq 172.16.1.0/24)) or dns.qry.name
-> HTTP requests, SYNs leaving the local /24, and the DNS queries that resolved their destinations
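Added example, not part of the gist: a POSIX shell script that drives the filters above with tshark to build a host inventory (DHCP hostnames, NBNS names, Kerberos users, TLS SNI, DNS answers, outbound SYNs) from a pcap. It assumes tshark is on PATH, that the local network is 172.16.1.0/24 as in the filters above (LOCAL_NET is an assumption you can override), and it probes tshark's field list to choose the ssl/tls and bootp/dhcp field names, since Wireshark 3.0 renamed them.

```shell
#!/bin/sh
# Added example (not the gist's own code): apply the Wireshark filters above
# with tshark to inventory hosts in a capture.
# Assumptions: tshark on PATH; local network 172.16.1.0/24 (override with
# LOCAL_NET=...). Usage: sh inventory.sh capture.pcap
set -u

LOCAL_NET="${LOCAL_NET:-172.16.1.0/24}"

# True if this tshark knows the given field (3rd column of `tshark -G fields`).
has_field() {
    tshark -G fields 2>/dev/null | cut -f3 | grep -qx "$1"
}

# Windows account names: Kerberos CNameString minus machine accounts (names
# ending in $). Optional $1 restricts to one IP; any match means that host is
# a Windows domain member. The $ sits in single quotes so the shell leaves it
# alone and Wireshark sees the quoted literal.
kerberos_user_filter() {
    if [ $# -gt 0 ]; then
        printf 'ip.addr eq %s and ' "$1"
    fi
    printf '%s\n' 'kerberos.CNameString and !(kerberos.CNameString contains "$")'
}

# Connection attempts leaving the local network: SYN only, destination not
# inside $1 (CIDR).
outbound_syn_filter() {
    printf 'tcp.flags eq 0x0002 and !(ip.dst eq %s)\n' "$1"
}

# query PCAP FILTER FIELD... : print the fields as CSV, first occurrence of
# each field, dropping empty rows and duplicates.
query() {
    pcap=$1; filter=$2; shift 2
    for f; do set -- "$@" -e "$f"; shift; done     # names -> "-e name" flags
    tshark -r "$pcap" -Y "$filter" -T fields -E separator=, -E occurrence=f "$@" \
        | grep -v '^,*$' | sort -u
}

inventory() {
    pcap=$1
    if has_field tls.handshake.type; then tls=tls; else tls=ssl; fi
    if has_field dhcp.option.hostname; then dhcp=dhcp; else dhcp=bootp; fi

    echo '# DHCP: client MAC, hostname'
    query "$pcap" 'udp.port eq 67 or udp.port eq 68' eth.src "${dhcp}.option.hostname"

    echo '# NBNS: source IP, NetBIOS name'
    query "$pcap" 'nbns' ip.src nbns.name

    echo '# Kerberos: source IP, Windows user (machine accounts excluded)'
    query "$pcap" "$(kerberos_user_filter)" ip.src kerberos.CNameString

    echo '# TLS Client Hello: client IP, SNI'
    query "$pcap" "${tls}.handshake.type == 1" ip.src "${tls}.handshake.extensions_server_name"

    echo '# DNS answers: query name, A record'
    query "$pcap" 'dns.flags.response == 1 and dns.a' dns.qry.name dns.a

    echo "# Outbound SYNs (destination not in $LOCAL_NET): src, dst, port"
    query "$pcap" "$(outbound_syn_filter "$LOCAL_NET")" ip.src ip.dst tcp.dstport
}

if [ $# -ge 1 ]; then
    inventory "$1"
fi
```

Join the DHCP and NBNS tables on hostname and the Kerberos table on IP to get MAC, IP, hostname and user for each Windows host; the outbound SYN list joined against the DNS answers on ip.dst gives the "Associated dns" view from the last filter above.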