@ryancdotorg
Created May 26, 2023 19:44
tcpdump version 4.99.4
libpcap version 1.10.4 (with TPACKET_V3)
OpenSSL 1.1.1t 7 Feb 2023
# tcpdump -d -y IEEE802_11_RADIO 'subtype probe-req'
# 5d64c17672b015af55ed53fd68ad5d3230f2d59cd1a4262e1cc8f15c01d14c4d
# Optimizer on (no -O). Accepts a packet when the byte found just past a
# length read from the packet itself, masked with 0xfc, equals 0x40.
# Instructions 000-005: X = (pkt[3] << 8) | pkt[2].
# NOTE(review): bytes 2-3 are presumably the little-endian radiotap header
# length (it_len), so X is the offset of the 802.11 frame - confirm.
(000) ldb [3]
(001) lsh #8
(002) tax
(003) ldb [2]
(004) or x
(005) tax
# A = pkt[X]: first byte after the variable-length header.
(006) ldb [x + 0]
# NOTE(review): 0x40 under mask 0xfc looks like frame-control type 0
# (management), subtype 4 (probe request), version bits ignored - confirm.
(007) and #0xfc
(008) jeq #0x40 jt 9 jf 10
# Accept, keeping up to 262144 bytes of the packet.
(009) ret #262144
# Reject.
(010) ret #0
# tcpdump -d -y IEEE802_11_RADIO 'type mgt subtype probe-req'
# 5d64c17672b015af55ed53fd68ad5d3230f2d59cd1a4262e1cc8f15c01d14c4d
# Optimizer on. The instructions and the hash line are the same as for the
# bare 'subtype probe-req' expression: adding 'type mgt' changes nothing here.
# Instructions 000-005: X = (pkt[3] << 8) | pkt[2].
# NOTE(review): presumably the radiotap header length - confirm.
(000) ldb [3]
(001) lsh #8
(002) tax
(003) ldb [2]
(004) or x
(005) tax
# A = pkt[X], then compare (A & 0xfc) with 0x40.
(006) ldb [x + 0]
(007) and #0xfc
(008) jeq #0x40 jt 9 jf 10
# Accept (up to 262144 bytes) / reject.
(009) ret #262144
(010) ret #0
# tcpdump -d -y IEEE802_11_RADIO '(wlan[0] & 0xfc) == 0x40'
# 5d64c17672b015af55ed53fd68ad5d3230f2d59cd1a4262e1cc8f15c01d14c4d
# Optimizer on. The hand-written byte test compiles to the same instructions
# (and the same hash line) as 'subtype probe-req', so the two spellings are
# interchangeable when used on their own.
# Instructions 000-005: X = (pkt[3] << 8) | pkt[2].
# NOTE(review): presumably the radiotap header length - confirm.
(000) ldb [3]
(001) lsh #8
(002) tax
(003) ldb [2]
(004) or x
(005) tax
# wlan[0] is read as pkt[X + 0], i.e. relative to the computed offset.
(006) ldb [x + 0]
(007) and #0xfc
(008) jeq #0x40 jt 9 jf 10
# Accept (up to 262144 bytes) / reject.
(009) ret #262144
(010) ret #0
# tcpdump -d -y IEEE802_11_RADIO '(radio[16] & 0x40) == 0 and subtype probe-req'
# d459e763c9ae84f2b833b68c446a4081713552b0088ec21dbb65c3cae7eb5fa0
# Optimizer on. NOTE(review): this program never reads bytes 2-3 and tests
# absolute offset 0, whereas the same two tests in the opposite order
# (hash f5940ddf...) test pkt[X + 0] with X computed from bytes 2-3. The two
# orderings are therefore not equivalent in this output.
# A = pkt[16], an absolute offset from the start of the captured packet.
# NOTE(review): byte 16 is the radiotap Flags field only for some header
# layouts (it depends on which fields the driver includes); 0x40 there is
# presumably the bad-FCS flag - confirm for the capturing driver.
(000) ldb [16]
# Reject when bit 0x40 is set.
(001) jset #0x40 jt 6 jf 2
# A = pkt[0]: first byte of the packet, not of the 802.11 frame.
# NOTE(review): on this link type byte 0 is presumably the radiotap version
# field (0 in current radiotap), so the comparison below would never succeed
# and a capture using this expression would record no probe requests.
# Looks like a code-generation problem in the listed libpcap 1.10.4 rather
# than intended behaviour - confirm before relying on this expression.
(002) ldb [0]
(003) and #0xfc
(004) jeq #0x40 jt 5 jf 6
# Accept (up to 262144 bytes) / reject.
(005) ret #262144
(006) ret #0
# tcpdump -d -y IEEE802_11_RADIO '(radio[16] & 0x40) == 0 and type mgt subtype probe-req'
# d459e763c9ae84f2b833b68c446a4081713552b0088ec21dbb65c3cae7eb5fa0
# Optimizer on. Same instructions and hash line as the variant without
# 'type mgt'. NOTE(review): like that variant, the frame test reads absolute
# offset 0 instead of an offset derived from bytes 2-3.
# A = pkt[16]; reject when bit 0x40 is set.
# NOTE(review): whether byte 16 is the radiotap Flags field depends on the
# header layout the driver emits - confirm.
(000) ldb [16]
(001) jset #0x40 jt 6 jf 2
# A = pkt[0], the first byte of the packet rather than of the 802.11 frame.
# NOTE(review): presumably the radiotap version byte, so this test would
# never match and the filter would silently capture nothing - confirm.
(002) ldb [0]
(003) and #0xfc
(004) jeq #0x40 jt 5 jf 6
# Accept (up to 262144 bytes) / reject.
(005) ret #262144
(006) ret #0
# tcpdump -d -y IEEE802_11_RADIO '(radio[16] & 0x40) == 0 and (wlan[0] & 0xfc) == 0x40'
# e1bd174a8c279e51d38e91fa3ad29f75900b84fed22c3c7fa969ca2fc2cae543
# Optimizer on. With the frame test spelled as wlan[0], the computed offset
# is kept in scratch slot M[5] across the radio[16] test and used afterwards,
# unlike the 'subtype probe-req' spelling in the same position (hash
# d459e763...), which reads absolute offset 0.
# Instructions 000-005: M[5] = (pkt[3] << 8) | pkt[2].
# NOTE(review): presumably the radiotap header length - confirm.
(000) ldb [3]
(001) lsh #8
(002) tax
(003) ldb [2]
(004) or x
(005) st M[5]
# A = pkt[16]; reject when bit 0x40 is set.
# NOTE(review): fixed offset 16 assumes a particular radiotap field layout.
(006) ldb [16]
(007) jset #0x40 jt 13 jf 8
# X = saved offset; A = pkt[X + 0]; compare (A & 0xfc) with 0x40.
(008) ldx M[5]
(009) ldb [x + 0]
(010) and #0xfc
(011) jeq #0x40 jt 12 jf 13
# Accept (up to 262144 bytes) / reject.
(012) ret #262144
(013) ret #0
# tcpdump -d -y IEEE802_11_RADIO 'subtype probe-req and (radio[16] & 0x40) == 0'
# f5940ddf273c49d5bf75aa4d05773dac61a2be22d200ef5429c7b9fa6e4e4923
# Optimizer on. Frame test first, radio[16] test second. In this order the
# frame byte is read relative to the offset computed from bytes 2-3.
# Instructions 000-005: X = (pkt[3] << 8) | pkt[2].
# NOTE(review): presumably the radiotap header length - confirm.
(000) ldb [3]
(001) lsh #8
(002) tax
(003) ldb [2]
(004) or x
(005) tax
# A = pkt[X + 0]; continue only when (A & 0xfc) == 0x40.
(006) ldb [x + 0]
(007) and #0xfc
(008) jeq #0x40 jt 9 jf 12
# A = pkt[16]; reject when bit 0x40 is set.
# NOTE(review): fixed offset 16 assumes a particular radiotap field layout;
# 0x40 is presumably the bad-FCS flag - confirm for the capturing driver.
(009) ldb [16]
(010) jset #0x40 jt 12 jf 11
# Accept (up to 262144 bytes) / reject.
(011) ret #262144
(012) ret #0
# tcpdump -d -y IEEE802_11_RADIO 'type mgt subtype probe-req and (radio[16] & 0x40) == 0'
# f5940ddf273c49d5bf75aa4d05773dac61a2be22d200ef5429c7b9fa6e4e4923
# Optimizer on. Same instructions and hash line as the variant without
# 'type mgt'; the frame byte is read relative to the computed offset.
# Instructions 000-005: X = (pkt[3] << 8) | pkt[2].
# NOTE(review): presumably the radiotap header length - confirm.
(000) ldb [3]
(001) lsh #8
(002) tax
(003) ldb [2]
(004) or x
(005) tax
# A = pkt[X + 0]; continue only when (A & 0xfc) == 0x40.
(006) ldb [x + 0]
(007) and #0xfc
(008) jeq #0x40 jt 9 jf 12
# A = pkt[16]; reject when bit 0x40 is set.
(009) ldb [16]
(010) jset #0x40 jt 12 jf 11
# Accept (up to 262144 bytes) / reject.
(011) ret #262144
(012) ret #0
# tcpdump -d -y IEEE802_11_RADIO '(wlan[0] & 0xfc) == 0x40 and (radio[16] & 0x40) == 0'
# f5940ddf273c49d5bf75aa4d05773dac61a2be22d200ef5429c7b9fa6e4e4923
# Optimizer on. Same instructions and hash line as the 'subtype probe-req'
# spelling in this order: frame test first, relative to the computed offset.
# Instructions 000-005: X = (pkt[3] << 8) | pkt[2].
# NOTE(review): presumably the radiotap header length - confirm.
(000) ldb [3]
(001) lsh #8
(002) tax
(003) ldb [2]
(004) or x
(005) tax
# A = pkt[X + 0]; continue only when (A & 0xfc) == 0x40.
(006) ldb [x + 0]
(007) and #0xfc
(008) jeq #0x40 jt 9 jf 12
# A = pkt[16]; reject when bit 0x40 is set.
(009) ldb [16]
(010) jset #0x40 jt 12 jf 11
# Accept (up to 262144 bytes) / reject.
(011) ret #262144
(012) ret #0
# tcpdump -O -d -y IEEE802_11_RADIO 'subtype probe-req'
# bff9f3ac881e404b3b2723610a6a809d578156aad9a1489adc692331cc2e2d7a
# -O turns the optimizer off, so the redundant store/reload through M[0] is
# left in place. The test performed is the same as in the optimized listing.
# Instructions 000-005: M[0] = (pkt[3] << 8) | pkt[2].
# NOTE(review): presumably the radiotap header length - confirm.
(000) ldb [3]
(001) lsh #8
(002) tax
(003) ldb [2]
(004) or x
(005) st M[0]
(006) tax
# X = M[0] (the offset just stored); A = pkt[X + 0].
(007) ldx M[0]
(008) ldb [x + 0]
(009) and #0xfc
(010) jeq #0x40 jt 11 jf 12
# Accept (up to 262144 bytes) / reject.
(011) ret #262144
(012) ret #0
# tcpdump -O -d -y IEEE802_11_RADIO 'type mgt subtype probe-req'
# bff9f3ac881e404b3b2723610a6a809d578156aad9a1489adc692331cc2e2d7a
# Optimizer off. Same instructions and hash line as the unoptimized
# 'subtype probe-req' listing.
# Instructions 000-005: M[0] = (pkt[3] << 8) | pkt[2].
# NOTE(review): presumably the radiotap header length - confirm.
(000) ldb [3]
(001) lsh #8
(002) tax
(003) ldb [2]
(004) or x
(005) st M[0]
(006) tax
# X = M[0]; A = pkt[X + 0]; compare (A & 0xfc) with 0x40.
(007) ldx M[0]
(008) ldb [x + 0]
(009) and #0xfc
(010) jeq #0x40 jt 11 jf 12
# Accept (up to 262144 bytes) / reject.
(011) ret #262144
(012) ret #0
# tcpdump -O -d -y IEEE802_11_RADIO '(wlan[0] & 0xfc) == 0x40'
# 266fa82cc6260f4a08e5c389dde4b40d0dc9dd741ee4dd590c0db5c56eec8055
# Optimizer off. Every constant and intermediate of the expression goes
# through a scratch slot; the hash differs from the unoptimized
# 'subtype probe-req' listing even though the optimized forms are identical.
# Instructions 000-005: M[2] = (pkt[3] << 8) | pkt[2].
# NOTE(review): presumably the radiotap header length - confirm.
(000) ldb [3]
(001) lsh #8
(002) tax
(003) ldb [2]
(004) or x
(005) st M[2]
(006) tax
# M[0] = 0, the index written in wlan[0].
(007) ld #0x0
(008) st M[0]
# X = M[2] + M[0]: computed offset plus index.
(009) ldx M[2]
(010) ld M[0]
(011) add x
(012) tax
# M[1] = pkt[X + 0].
(013) ldb [x + 0]
(014) st M[1]
# M[3] = M[1] & 0xfc.
(015) ld #0xfc
(016) st M[3]
(017) ldx M[3]
(018) ld M[1]
(019) and x
(020) st M[3]
# A = M[3] - 0x40; equality is tested as "difference is zero".
(021) ld #0x40
(022) st M[4]
(023) ldx M[4]
(024) ld M[3]
(025) sub x
(026) jeq #0x0 jt 27 jf 28
# Accept (up to 262144 bytes) / reject.
(027) ret #262144
(028) ret #0
# tcpdump -O -d -y IEEE802_11_RADIO '(radio[16] & 0x40) == 0 and subtype probe-req'
# 5663cbe6858797aa85a1962c1e99907bdfbac2e8477fa46e2e896080a3857dca
# Optimizer off. NOTE(review): scratch slot M[3] is written twice - first
# with the offset computed from bytes 2-3 (005), then with the constant 0
# (019) - and the frame test at 024 reloads it after the second write. The
# frame byte is therefore read from offset 0, not from the computed offset.
# Instructions 000-005: M[3] = (pkt[3] << 8) | pkt[2].
# NOTE(review): presumably the radiotap header length - confirm.
(000) ldb [3]
(001) lsh #8
(002) tax
(003) ldb [2]
(004) or x
(005) st M[3]
(006) tax
# M[1] = pkt[0x10], indexed through M[0].
(007) ld #0x10
(008) st M[0]
(009) ldx M[0]
(010) ldb [x + 0]
(011) st M[1]
# M[2] = M[1] & 0x40.
(012) ld #0x40
(013) st M[2]
(014) ldx M[2]
(015) ld M[1]
(016) and x
(017) st M[2]
# M[3] = 0 (right-hand side of "== 0"); this overwrites the offset saved at 005.
(018) ld #0x0
(019) st M[3]
# A = M[2] - M[3]; continue only when the masked byte is zero.
(020) ldx M[3]
(021) ld M[2]
(022) sub x
(023) jeq #0x0 jt 24 jf 29
# X = M[3], which now holds 0, so A = pkt[0].
# NOTE(review): presumably the radiotap version byte, so this test would
# never match and the filter would silently capture nothing. Looks like a
# scratch-slot reuse problem in the listed libpcap 1.10.4 - confirm.
(024) ldx M[3]
(025) ldb [x + 0]
(026) and #0xfc
(027) jeq #0x40 jt 28 jf 29
# Accept (up to 262144 bytes) / reject.
(028) ret #262144
(029) ret #0
# tcpdump -O -d -y IEEE802_11_RADIO '(radio[16] & 0x40) == 0 and type mgt subtype probe-req'
# 5663cbe6858797aa85a1962c1e99907bdfbac2e8477fa46e2e896080a3857dca
# Optimizer off. Same instructions and hash line as the variant without
# 'type mgt'. NOTE(review): M[3] holds the computed offset after 005 and is
# overwritten with 0 at 019 before the frame test reloads it at 024.
# Instructions 000-005: M[3] = (pkt[3] << 8) | pkt[2].
# NOTE(review): presumably the radiotap header length - confirm.
(000) ldb [3]
(001) lsh #8
(002) tax
(003) ldb [2]
(004) or x
(005) st M[3]
(006) tax
# M[1] = pkt[0x10], indexed through M[0].
(007) ld #0x10
(008) st M[0]
(009) ldx M[0]
(010) ldb [x + 0]
(011) st M[1]
# M[2] = M[1] & 0x40.
(012) ld #0x40
(013) st M[2]
(014) ldx M[2]
(015) ld M[1]
(016) and x
(017) st M[2]
# M[3] = 0; the offset saved at 005 is lost here.
(018) ld #0x0
(019) st M[3]
# A = M[2] - M[3]; continue only when the masked byte is zero.
(020) ldx M[3]
(021) ld M[2]
(022) sub x
(023) jeq #0x0 jt 24 jf 29
# X = M[3] = 0, so A = pkt[0] rather than the byte at the computed offset.
# NOTE(review): this test would presumably never match on radiotap
# captures - confirm before using this expression for monitoring.
(024) ldx M[3]
(025) ldb [x + 0]
(026) and #0xfc
(027) jeq #0x40 jt 28 jf 29
# Accept (up to 262144 bytes) / reject.
(028) ret #262144
(029) ret #0
# tcpdump -O -d -y IEEE802_11_RADIO '(radio[16] & 0x40) == 0 and (wlan[0] & 0xfc) == 0x40'
# 9f7a0c3d0457a1c19eba6f4b74404f13368f873ca771ecda907a5f26a6af72f8
# Optimizer off. Here the computed offset is kept in M[5], a slot the
# radio[16] test does not write, so the frame test at 026-030 still sees it.
# Instructions 000-005: M[5] = (pkt[3] << 8) | pkt[2].
# NOTE(review): presumably the radiotap header length - confirm.
(000) ldb [3]
(001) lsh #8
(002) tax
(003) ldb [2]
(004) or x
(005) st M[5]
(006) tax
# M[1] = pkt[0x10], indexed through M[0].
(007) ld #0x10
(008) st M[0]
(009) ldx M[0]
(010) ldb [x + 0]
(011) st M[1]
# M[2] = M[1] & 0x40.
(012) ld #0x40
(013) st M[2]
(014) ldx M[2]
(015) ld M[1]
(016) and x
(017) st M[2]
# A = M[2] - 0; continue only when the masked byte is zero.
(018) ld #0x0
(019) st M[3]
(020) ldx M[3]
(021) ld M[2]
(022) sub x
(023) jeq #0x0 jt 24 jf 45
# M[3] = 0, the index written in wlan[0].
(024) ld #0x0
(025) st M[3]
# X = M[5] + M[3]: computed offset plus index.
(026) ldx M[5]
(027) ld M[3]
(028) add x
(029) tax
# M[4] = pkt[X + 0].
(030) ldb [x + 0]
(031) st M[4]
# M[6] = M[4] & 0xfc.
(032) ld #0xfc
(033) st M[6]
(034) ldx M[6]
(035) ld M[4]
(036) and x
(037) st M[6]
# A = M[6] - 0x40; accept only when the difference is zero.
(038) ld #0x40
(039) st M[7]
(040) ldx M[7]
(041) ld M[6]
(042) sub x
(043) jeq #0x0 jt 44 jf 45
# Accept (up to 262144 bytes) / reject.
(044) ret #262144
(045) ret #0
# tcpdump -O -d -y IEEE802_11_RADIO 'subtype probe-req and (radio[16] & 0x40) == 0'
# cb22cf48f5315b1bb7a25debbc9ca3faead89f44640129cee2fda9ddafac3dcd
# Optimizer off. Frame test first: the computed offset in M[0] is consumed
# at 007-008 before any other slot is written, so it is read intact.
# Instructions 000-005: M[0] = (pkt[3] << 8) | pkt[2].
# NOTE(review): presumably the radiotap header length - confirm.
(000) ldb [3]
(001) lsh #8
(002) tax
(003) ldb [2]
(004) or x
(005) st M[0]
(006) tax
# X = M[0]; A = pkt[X + 0]; continue only when (A & 0xfc) == 0x40.
(007) ldx M[0]
(008) ldb [x + 0]
(009) and #0xfc
(010) jeq #0x40 jt 11 jf 29
# M[2] = pkt[0x10], indexed through M[1].
# NOTE(review): fixed offset 16 assumes a particular radiotap field layout.
(011) ld #0x10
(012) st M[1]
(013) ldx M[1]
(014) ldb [x + 0]
(015) st M[2]
# M[3] = M[2] & 0x40.
(016) ld #0x40
(017) st M[3]
(018) ldx M[3]
(019) ld M[2]
(020) and x
(021) st M[3]
# A = M[3] - 0; accept only when the masked byte is zero.
(022) ld #0x0
(023) st M[4]
(024) ldx M[4]
(025) ld M[3]
(026) sub x
(027) jeq #0x0 jt 28 jf 29
# Accept (up to 262144 bytes) / reject.
(028) ret #262144
(029) ret #0
# tcpdump -O -d -y IEEE802_11_RADIO 'type mgt subtype probe-req and (radio[16] & 0x40) == 0'
# cb22cf48f5315b1bb7a25debbc9ca3faead89f44640129cee2fda9ddafac3dcd
# Optimizer off. Same instructions and hash line as the variant without
# 'type mgt'; the frame byte is read at the offset computed from bytes 2-3.
# Instructions 000-005: M[0] = (pkt[3] << 8) | pkt[2].
# NOTE(review): presumably the radiotap header length - confirm.
(000) ldb [3]
(001) lsh #8
(002) tax
(003) ldb [2]
(004) or x
(005) st M[0]
(006) tax
# X = M[0]; A = pkt[X + 0]; continue only when (A & 0xfc) == 0x40.
(007) ldx M[0]
(008) ldb [x + 0]
(009) and #0xfc
(010) jeq #0x40 jt 11 jf 29
# M[2] = pkt[0x10], indexed through M[1].
(011) ld #0x10
(012) st M[1]
(013) ldx M[1]
(014) ldb [x + 0]
(015) st M[2]
# M[3] = M[2] & 0x40.
(016) ld #0x40
(017) st M[3]
(018) ldx M[3]
(019) ld M[2]
(020) and x
(021) st M[3]
# A = M[3] - 0; accept only when the masked byte is zero.
(022) ld #0x0
(023) st M[4]
(024) ldx M[4]
(025) ld M[3]
(026) sub x
(027) jeq #0x0 jt 28 jf 29
# Accept (up to 262144 bytes) / reject.
(028) ret #262144
(029) ret #0
# tcpdump -O -d -y IEEE802_11_RADIO '(wlan[0] & 0xfc) == 0x40 and (radio[16] & 0x40) == 0'
# b90d61fe8476f958050f069afb085797b1758ad13c5359418dab69b2dd442549
# Optimizer off. Frame test first, using the offset kept in M[2]; slot M[4]
# is reused at 028 only after the comparison that needed it has finished.
# Instructions 000-005: M[2] = (pkt[3] << 8) | pkt[2].
# NOTE(review): presumably the radiotap header length - confirm.
(000) ldb [3]
(001) lsh #8
(002) tax
(003) ldb [2]
(004) or x
(005) st M[2]
(006) tax
# M[0] = 0, the index written in wlan[0].
(007) ld #0x0
(008) st M[0]
# X = M[2] + M[0]: computed offset plus index.
(009) ldx M[2]
(010) ld M[0]
(011) add x
(012) tax
# M[1] = pkt[X + 0].
(013) ldb [x + 0]
(014) st M[1]
# M[3] = M[1] & 0xfc.
(015) ld #0xfc
(016) st M[3]
(017) ldx M[3]
(018) ld M[1]
(019) and x
(020) st M[3]
# A = M[3] - 0x40; continue only when the difference is zero.
(021) ld #0x40
(022) st M[4]
(023) ldx M[4]
(024) ld M[3]
(025) sub x
(026) jeq #0x0 jt 27 jf 45
# M[5] = pkt[0x10], indexed through M[4].
# NOTE(review): fixed offset 16 assumes a particular radiotap field layout.
(027) ld #0x10
(028) st M[4]
(029) ldx M[4]
(030) ldb [x + 0]
(031) st M[5]
# M[6] = M[5] & 0x40.
(032) ld #0x40
(033) st M[6]
(034) ldx M[6]
(035) ld M[5]
(036) and x
(037) st M[6]
# A = M[6] - 0; accept only when the masked byte is zero.
(038) ld #0x0
(039) st M[7]
(040) ldx M[7]
(041) ld M[6]
(042) sub x
(043) jeq #0x0 jt 44 jf 45
# Accept (up to 262144 bytes) / reject.
(044) ret #262144
(045) ret #0