@Che4ter
Last active April 10, 2018 10:43
wireshark filters
Mac Address/Hostname
nbns
udp.port eq 67 or udp.port eq 68
->NetBIOS name service and DHCP both show the hostname next to the client MAC (DHCP is dissected as bootp before Wireshark 3.0, dhcp from 3.0 on)
IP
ip.addr
HTTP
http.request
HTTPS
ssl.handshake.type == 1
->ClientHello only; the SNI is in ssl.handshake.extensions_server_name. Wireshark 3.0+ renamed the field prefix to tls (tls.handshake.type == 1)
Kerberos
kerberos
kerberos and ip.addr eq XXX.XXX.XXX.XXX
windows account name
kerberos.CNameString and !(kerberos.CNameString contains "$")
->shown under cname in the packet details; names ending in $ are machine accounts, so this leaves only user logons
or
ip.addr eq 172.16.1.138 and kerberos.CNameString and !(kerberos.CNameString contains "$")
->if this returns packets, the IP is a domain-joined Windows host and CNameString is the account that logged on there
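Turning the account-name filter into a host inventory, as an added example that is not part of the gist: it runs tshark with the filter above and groups CNameString values by client IP, dropping machine accounts. It assumes tshark is on PATH, and it narrows the filter to AS-REQ/TGS-REQ (kerberos.msg_type 10 and 12) so that ip.src is always the client rather than the KDC; the sample rows are constructed, not from a real capture.

```python
"""Inventory domain-joined Windows hosts and logged-on account names from Kerberos.

Added example (not from the gist). Runs tshark with the gist's Kerberos user
filter and groups the CNameString values by client IP, dropping machine accounts
(names ending in $). Assumes tshark is on PATH; sample rows are constructed.
"""
import subprocess
from collections import defaultdict

# The gist's filter, narrowed to AS-REQ (10) and TGS-REQ (12) so that ip.src is
# the client and never the KDC answering it (the narrowing is this example's choice).
KRB_USER_FILTER = (
    "(kerberos.msg_type == 10 or kerberos.msg_type == 12) and "
    'kerberos.CNameString and !(kerberos.CNameString contains "$")'
)

# Columns requested from tshark, in output order (tab separated).
FIELDS = ["ip.src", "kerberos.CNameString"]


def tshark_command(pcap_path):
    """Build the tshark invocation; -T fields prints one tab-separated row per packet."""
    cmd = ["tshark", "-r", pcap_path, "-Y", KRB_USER_FILTER, "-T", "fields"]
    for field in FIELDS:
        cmd += ["-e", field]
    return cmd


def parse_field_lines(lines):
    """Map client IP -> set of user principal names seen in its Kerberos requests.

    A row may carry several CNameString values joined by commas (tshark's default
    aggregator), so every value is checked for the machine-account suffix again.
    """
    hosts = defaultdict(set)
    for line in lines:
        parts = line.rstrip("\n").split("\t")
        if len(parts) < 2 or not parts[0]:
            continue  # blank trailing line or a row without both columns
        client_ip, names = parts[0], parts[1]
        for name in names.split(","):
            name = name.strip()
            if name and not name.endswith("$"):
                hosts[client_ip].add(name)
    return dict(hosts)


def windows_hosts(pcap_path):
    """Run tshark on a capture and return the IP -> user names inventory."""
    result = subprocess.run(tshark_command(pcap_path), check=True,
                            capture_output=True, text=True)
    return parse_field_lines(result.stdout.splitlines())


# Constructed sample of tshark -T fields output (not from a real capture).
SAMPLE_ROWS = [
    "172.16.1.138\tjsmith",
    "172.16.1.138\tjsmith",             # repeated logons collapse into the set
    "172.16.1.138\tWORKSTATION01$",     # machine account, excluded
    "172.16.1.145\tadmin.bob",
    "172.16.1.152\tsvc_backup,jsmith",  # two names in one row
    "",                                 # blank trailing line from tshark
]

if __name__ == "__main__":
    for ip, users in sorted(parse_field_lines(SAMPLE_ROWS).items()):
        print(ip, sorted(users))
```

Call windows_hosts("capture.pcap") on a real file; the parser is kept separate from the tshark call so it can be checked on canned rows.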
Domain Controller Traffic
udp.port eq 138
nbdgm.type == 17
->NetBIOS datagram service; type 17 (0x11) is a direct group datagram, the transport for browser host/domain announcements
TCP Syn
tcp.flags eq 0x0002
->SYN only, client side of a new connection (the SYN/ACK reply is 0x0012); same as tcp.flags.syn == 1 and tcp.flags.ack == 0
Associated dns
http.request or (tcp.flags eq 0x0002 and !(ip.dst eq 172.16.1.0/24)) or dns.qry.name
->HTTP requests, outbound SYNs leaving the local /24 (adjust 172.16.1.0/24) and DNS in one view, so each new connection can be matched to the name that resolved to it; dns.qry.name matches responses as well as queries
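Doing that matching automatically, as an added example that is not part of the gist: it pushes the combined filter above through tshark and, for every outbound SYN or HTTP request, reports which names resolved to the destination earlier in the capture, then lists destinations contacted with no DNS answer at all. It assumes tshark on PATH and 172.16.1.0/24 as the local network; the sample rows are constructed, not from a real capture.

```python
"""Match outbound connections to the DNS names that resolved to them.

Added example (not from the gist). Feeds the gist's triage filter (HTTP
requests, outbound SYNs leaving the local /24, DNS) through tshark, then for
every SYN or HTTP request reports which names resolved to the destination
earlier in the capture. Assumes tshark on PATH; sample rows are constructed.
"""
import ipaddress
import subprocess
from collections import defaultdict

LOCAL_NET = ipaddress.ip_network("172.16.1.0/24")

# The gist's filter, unchanged.
TRIAGE_FILTER = ("http.request or (tcp.flags eq 0x0002 and "
                 "!(ip.dst eq 172.16.1.0/24)) or dns.qry.name")

# tshark column order; a field absent from a packet comes out as an empty column.
FIELDS = ["frame.time_epoch", "ip.src", "ip.dst", "dns.flags.response",
          "dns.qry.name", "dns.a", "tcp.flags", "http.request.full_uri"]


def tshark_command(pcap_path):
    cmd = ["tshark", "-r", pcap_path, "-Y", TRIAGE_FILTER, "-T", "fields"]
    for field in FIELDS:
        cmd += ["-e", field]
    return cmd


def correlate(rows):
    """Walk rows in capture order and attach resolved names to each connection.

    DNS responses update an answer-IP -> names table; SYNs (ACK clear) to
    addresses outside LOCAL_NET and HTTP requests become events carrying the
    names known for their destination at that moment. dns.qry.name is the
    original question, so CNAME chains still report the name the client asked for.
    """
    resolved = defaultdict(set)
    events = []
    for row in rows:
        if not row.strip():
            continue
        cols = (row.rstrip("\n").split("\t") + [""] * len(FIELDS))[:len(FIELDS)]
        ts, src, dst, is_resp, qname, answers, flags, uri = cols
        if is_resp.lower() in ("1", "true"):   # older tshark prints 1/0, newer True/False
            for addr in filter(None, answers.split(",")):
                resolved[addr].add(qname)
            continue
        kind = None
        if uri:
            kind = "http"
        elif flags and int(flags, 16) & 0x12 == 0x02 \
                and ipaddress.ip_address(dst) not in LOCAL_NET:
            kind = "syn"   # SYN set, ACK clear: client-initiated connection
        if kind:
            events.append({"time": float(ts), "kind": kind, "src": src, "dst": dst,
                           "names": sorted(resolved.get(dst, ())), "uri": uri})
    return events


def unresolved_destinations(events):
    """Destinations contacted with no preceding DNS answer: direct-to-IP
    connections, worth a second look (hard-coded C2, scanners, misconfiguration)."""
    return sorted({e["dst"] for e in events if not e["names"]})


def associated_dns(pcap_path):
    out = subprocess.run(tshark_command(pcap_path), check=True,
                         capture_output=True, text=True).stdout
    return correlate(out.splitlines())


# Constructed tshark -T fields rows (tab separated), not from a real capture.
SAMPLE_ROWS = [
    "1523352000.000\t172.16.1.138\t172.16.1.2\t0\twww.example.com\t\t\t",
    "1523352000.010\t172.16.1.2\t172.16.1.138\t1\twww.example.com\t93.184.216.34\t\t",
    "1523352000.050\t172.16.1.138\t93.184.216.34\t\t\t\t0x0002\t",
    "1523352000.090\t172.16.1.138\t93.184.216.34\t\t\t\t0x0018\thttp://www.example.com/",
    "1523352001.000\t172.16.1.138\t198.51.100.7\t\t\t\t0x0002\t",  # no DNS before it
    "1523352002.000\t172.16.1.138\t172.16.1.9\t\t\t\t0x0002\t",    # internal, ignored
]

if __name__ == "__main__":
    events = correlate(SAMPLE_ROWS)
    for event in events:
        print(event["kind"], event["dst"], event["names"] or "(no DNS)", event["uri"])
    print("direct-to-IP:", unresolved_destinations(events))
```

Run associated_dns("capture.pcap") on a real file; rows are processed in capture order, so a name only counts for connections that follow its answer.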