| # |
| # Location definitions for packet matching |
| # |
| |
| # name alignment offset mask |
| ip.version u8 net+0 0xF0 |
| ip.hdrlen u8 net+0 0x0F |
| ip.diffserv u8 net+1 |
| ip.length u16 net+2 |
| ip.id u16 net+4 |
| ip.df u8 net+6 0x40 |
| ip.mf u8 net+6 0x20 |
| ip.offset u16 net+6 0x1FFF |
| ip.ttl u8 net+8 |
| ip.proto u8 net+9 |
| ip.chksum u16 net+10 |
| ip.src u32 net+12 |
| ip.dst u32 net+16 |
| |
| |
| # |
| # Transmission Control Protocol (TCP) |
| # |
| # name alignment offset mask |
| tcp.sport u16 tcp+0 |
| tcp.dport u16 tcp+2 |
| tcp.seq u32 tcp+4 |
| tcp.ack u32 tcp+8 |
| tcp.off u8 tcp+12 0xF0 |
| tcp.reserved u8 tcp+12 0x0F |
| # FLAGS |
| tcp.win u16 tcp+14 |
| tcp.csum u16 tcp+16 |
| tcp.urg u16 tcp+18 |
| tcp.opts u32 tcp+20 |
| |
| # |
| # User Datagram Protocol (UDP) |
| # |
| # name alignment offset mask |
| udp.sport u16 tcp+0 |
| udp.dport u16 tcp+2 |
| udp.length u16 tcp+4 |
| udp.csum u16 tcp+6 |