PcapFilter¶

Header Format¶

FILL ME IN

Term Format¶

• for common keys see common.md

• destination-exclude: Exclude one or more address tokens from the specified destination-address

• icmp-code: Specifies the ICMP code to filter on.
• logging: Specify that this packet should be logged via syslog.
• source-exclude: exclude one or more address tokens from the specified source-address.

Sub Tokens¶

Actions¶

• accept
• deny
• next
• reject

Option¶

• ack: Match on ACK flag being present.
• all: Matches all protocols.
• established: Only match established connections, implements tcp-established for tcp and sets destination port to 1024- 65535 for udp if destination port is not defined.
• fin: Match on FIN flag being present.
• is-fragment: Matches on if a packet is a fragment.
• none: Matches none.
• psh: Match on PSH flag being present.
• rst: Match on RST flag being present.
• syn: Match on SYN flag being present.
• tcp-established: Only match established tcp connections, based on statefull match or TCP flags. Not supported for other protocols.
• urg: Match on URG flag being present.