TOC & Recently Viewed

Recently Viewed Topics

Supported Packet Filter Primitives

The following table lists the supported primitives for the Extended Packet Filter option in PVS.

Primitive

Description

dst host host

True if the IPv4/v6 destination field of the packet is host, which may be either an address or a name.

src host host

True if the IPv4/v6 source field of the packet is host.

host host

True if either the IPv4/v6 source or destination of the packet is host.

Any of the above host expressions can be prepended with the keywords ip, arp, rarp, or ip6. For example:

ip host host

which is equivalent to:

ether proto \ip and host host

If host is a name with multiple IP addresses, each address will be checked for a match.

ether dst ehost

True if the Ethernet destination address is ehost. Ehost may be either a name from /etc/ethers or a number (see ethers(3N) for numeric format).

ether src ehost

True if the Ethernet source address is ehost.

ether host ehost

True if either the Ethernet source or destination address is ehost.

gateway host

True if the packet used host as a gateway.

dst net net

 

src net net

 

dst port port

 

src port port

 

port port

 

dst portrange port1-port2

 

src portrange port1-port2

 

portrange port1-port2

 

less length

 

greater length

 

tcp, udp, icmp

 

protochain protocol

 

ether broadcast

 

ether multicast

 

ether proto protocol

 

arp, rarp, atalk, aarp, decnet, iso, stp, ipx, netbeui

 

lat, moprc, mopdl

 

decnet src host

 

decnet dst host

 

decnet host host

 

llc

 

llc Fitype

 

ifname interface

 

on interface

 

rnr num

 

rulenum num

 

reason code

 

rset name

 

ruleset name

 

srnr num

 

subrulenum num

 

action act

 

wlan ra ehost

 

wlan ta ehost

 

wlan addr1 ehost

 

wlan addr2 ehost

 

wlan addr3 ehost

 

wlan addr4 ehost

 

type wlan_type

 

type wlan_type subtype wlan_subtype

 

subtype wlan_subtype

 

dir dir

 

mpls [label_num]

 

pppoed

 

pppoes [session_id]

 

geneve [vni]

 

iso proto protocol

 

clnp, esis, isis

 

l1, l2, iih, lsp, snp, csnp, psnp

 

vpi n

 

vci n

 

lane

 

oamf4s

 

oamf4e

 

oamf4

 

oam

 

metac

 

bcc

 

sc

 

ilmic

 

connectmsg

 

metaconnect

 

expr relop expr

 

Copyright © 2017. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.