Skip to content

Display Filter Syntax

Jump to bottom Edit New page
Ron Hashimoto edited this page Aug 4, 2016 · 3 revisions

Display Filter has JavaScript-like syntax.

You can refer the packet and its layers implicitly.

   +-------- Packet property
   |
payload.length > 100

 +--------- Protocol name (case-insensitive)
 |
tcp.ack == 12345
     |
     +--- Protocol attribute

   +-------- Packet property
   |
$.len > 100
|
+---------- Explicitly refer the packet

  +-------- Math, Number, Date are exported to the global
  |
Math.pow(len, 2) < 1000
          |
          +-------- Packet property

Examples

payload.length > 100

Creative Commons License
This documentation is licensed under a Creative Commons Attribution 3.0 Unported License.

Add a custom sidebar

Clone this wiki locally