
Commit dc37da0

authored
fixing capture filter sample
1 parent b703595 commit dc37da0


1 file changed

+5
-293
lines changed


articles/defender-for-iot/organizations/cli-ot-sensor.md

Lines changed: 5 additions & 293 deletions
@@ -715,10 +715,6 @@ The following example shows a series of prompts that creates a capture filter to
715715

716716
```bash
717717
root@xsense: network capture-filter
718-
Would you like to supply devices and subnet masks you wish to include in the capture filter? [y/N]: y
719-
You've exited the editor. Would you like to apply your modifications? [y/N]:
720-
root@xsense:
721-
root@xsense: network capture-filter
722718
Would you like to supply devices and subnet masks you wish to include in the capture filter? [y/N]: n
723719
Would you like to supply devices and subnet masks you wish to exclude from the capture filter? [y/N]: y
724720
You've exited the editor. Would you like to apply your modifications? [y/N]: y
@@ -739,295 +735,11 @@ No include file given
739735
Loaded 1 unique channels
740736
(000) ret #262144
741737
(000) ldh [12]
742-
(001) jeq #0x800 jt 2 jf 8
743-
(002) ld [26]
744-
(003) and #0xffff0000
745-
(004) jeq #0xc0a80000 jt 16 jf 5
746-
(005) ld [30]
747-
(006) and #0xffff0000
748-
(007) jeq #0xc0a80000 jt 16 jf 17
749-
(008) jeq #0x806 jt 10 jf 9
750-
(009) jeq #0x8035 jt 10 jf 17
751-
(010) ld [28]
752-
(011) and #0xffff0000
753-
(012) jeq #0xc0a80000 jt 16 jf 13
754-
(013) ld [38]
755-
(014) and #0xffff0000
756-
(015) jeq #0xc0a80000 jt 16 jf 17
757-
(016) ret #0
758-
(017) ret #262144
759-
(000) ldh [12]
760-
(001) jeq #0x86dd jt 2 jf 8
761-
(002) ldb [20]
762-
(003) jeq #0x6 jt 4 jf 19
763-
(004) ldh [54]
764-
(005) jeq #0x2328 jt 18 jf 6
765-
(006) ldh [56]
766-
(007) jeq #0x2328 jt 18 jf 19
767-
(008) jeq #0x800 jt 9 jf 19
768-
(009) ldb [23]
769-
(010) jeq #0x6 jt 11 jf 19
770-
(011) ldh [20]
771-
(012) jset #0x1fff jt 19 jf 13
772-
(013) ldxb 4*([14]&0xf)
773-
(014) ldh [x + 14]
774-
(015) jeq #0x2328 jt 18 jf 16
775-
(016) ldh [x + 16]
776-
(017) jeq #0x2328 jt 18 jf 19
777-
(018) ret #0
778-
(019) ret #262144
779-
(000) ldh [12]
780-
(001) jeq #0x86dd jt 2 jf 8
781-
(002) ldb [20]
782-
(003) jeq #0x11 jt 4 jf 19
783-
(004) ldh [54]
784-
(005) jeq #0x2328 jt 18 jf 6
785-
(006) ldh [56]
786-
(007) jeq #0x2328 jt 18 jf 19
787-
(008) jeq #0x800 jt 9 jf 19
788-
(009) ldb [23]
789-
(010) jeq #0x11 jt 11 jf 19
790-
(011) ldh [20]
791-
(012) jset #0x1fff jt 19 jf 13
792-
(013) ldxb 4*([14]&0xf)
793-
(014) ldh [x + 14]
794-
(015) jeq #0x2328 jt 18 jf 16
795-
(016) ldh [x + 16]
796-
(017) jeq #0x2328 jt 18 jf 19
797-
(018) ret #0
798-
(019) ret #262144
799-
(000) ldh [12]
800-
(001) jeq #0x800 jt 2 jf 18
801-
(002) ld [26]
802-
(003) and #0xffff0000
803-
(004) jeq #0xc0a80000 jt 34 jf 5
804-
(005) ld [30]
805-
(006) and #0xffff0000
806-
(007) jeq #0xc0a80000 jt 34 jf 8
807-
(008) ldb [23]
808-
(009) jeq #0x6 jt 11 jf 10
809-
(010) jeq #0x11 jt 11 jf 35
810-
(011) ldh [20]
811-
(012) jset #0x1fff jt 35 jf 13
812-
(013) ldxb 4*([14]&0xf)
813-
(014) ldh [x + 14]
814-
(015) jeq #0x2328 jt 34 jf 16
815-
(016) ldh [x + 16]
816-
(017) jeq #0x2328 jt 34 jf 35
817-
(018) jeq #0x806 jt 20 jf 19
818-
(019) jeq #0x8035 jt 20 jf 26
819-
(020) ld [28]
820-
(021) and #0xffff0000
821-
(022) jeq #0xc0a80000 jt 34 jf 23
822-
(023) ld [38]
823-
(024) and #0xffff0000
824-
(025) jeq #0xc0a80000 jt 34 jf 35
825-
(026) jeq #0x86dd jt 27 jf 35
826-
(027) ldb [20]
827-
(028) jeq #0x6 jt 30 jf 29
828-
(029) jeq #0x11 jt 30 jf 35
829-
(030) ldh [54]
830-
(031) jeq #0x2328 jt 34 jf 32
831-
(032) ldh [56]
832-
(033) jeq #0x2328 jt 34 jf 35
833-
(034) ret #0
834-
(035) ret #262144
835-
debug: set new filter for dumpark '(((not (net 192.168))) and (not (tcp port 9000)) and (not (udp port 9000))) or (vlan and ((not (net 192.168))) and (not (tcp port 9000)) and (not (udp port 9000)))'
836-
No include file given
837-
Loaded 1 unique channels
838-
(000) ret #262144
839-
(000) ldh [12]
840-
(001) jeq #0x800 jt 2 jf 8
841-
(002) ld [26]
842-
(003) and #0xffff0000
843-
(004) jeq #0xc0a80000 jt 16 jf 5
844-
(005) ld [30]
845-
(006) and #0xffff0000
846-
(007) jeq #0xc0a80000 jt 16 jf 17
847-
(008) jeq #0x806 jt 10 jf 9
848-
(009) jeq #0x8035 jt 10 jf 17
849-
(010) ld [28]
850-
(011) and #0xffff0000
851-
(012) jeq #0xc0a80000 jt 16 jf 13
852-
(013) ld [38]
853-
(014) and #0xffff0000
854-
(015) jeq #0xc0a80000 jt 16 jf 17
855-
(016) ret #0
856-
(017) ret #262144
857-
(000) ldh [12]
858-
(001) jeq #0x86dd jt 2 jf 8
859-
(002) ldb [20]
860-
(003) jeq #0x6 jt 4 jf 19
861-
(004) ldh [54]
862-
(005) jeq #0x2328 jt 18 jf 6
863-
(006) ldh [56]
864-
(007) jeq #0x2328 jt 18 jf 19
865-
(008) jeq #0x800 jt 9 jf 19
866-
(009) ldb [23]
867-
(010) jeq #0x6 jt 11 jf 19
868-
(011) ldh [20]
869-
(012) jset #0x1fff jt 19 jf 13
870-
(013) ldxb 4*([14]&0xf)
871-
(014) ldh [x + 14]
872-
(015) jeq #0x2328 jt 18 jf 16
873-
(016) ldh [x + 16]
874-
(017) jeq #0x2328 jt 18 jf 19
875-
(018) ret #0
876-
(019) ret #262144
877-
(000) ldh [12]
878-
(001) jeq #0x86dd jt 2 jf 8
879-
(002) ldb [20]
880-
(003) jeq #0x11 jt 4 jf 19
881-
(004) ldh [54]
882-
(005) jeq #0x2328 jt 18 jf 6
883-
(006) ldh [56]
884-
(007) jeq #0x2328 jt 18 jf 19
885-
(008) jeq #0x800 jt 9 jf 19
886-
(009) ldb [23]
887-
(010) jeq #0x11 jt 11 jf 19
888-
(011) ldh [20]
889-
(012) jset #0x1fff jt 19 jf 13
890-
(013) ldxb 4*([14]&0xf)
891-
(014) ldh [x + 14]
892-
(015) jeq #0x2328 jt 18 jf 16
893-
(016) ldh [x + 16]
894-
(017) jeq #0x2328 jt 18 jf 19
895-
(018) ret #0
896-
(019) ret #262144
897-
(000) ldh [12]
898-
(001) jeq #0x800 jt 2 jf 18
899-
(002) ld [26]
900-
(003) and #0xffff0000
901-
(004) jeq #0xc0a80000 jt 34 jf 5
902-
(005) ld [30]
903-
(006) and #0xffff0000
904-
(007) jeq #0xc0a80000 jt 34 jf 8
905-
(008) ldb [23]
906-
(009) jeq #0x6 jt 11 jf 10
907-
(010) jeq #0x11 jt 11 jf 35
908-
(011) ldh [20]
909-
(012) jset #0x1fff jt 35 jf 13
910-
(013) ldxb 4*([14]&0xf)
911-
(014) ldh [x + 14]
912-
(015) jeq #0x2328 jt 34 jf 16
913-
(016) ldh [x + 16]
914-
(017) jeq #0x2328 jt 34 jf 35
915-
(018) jeq #0x806 jt 20 jf 19
916-
(019) jeq #0x8035 jt 20 jf 26
917-
(020) ld [28]
918-
(021) and #0xffff0000
919-
(022) jeq #0xc0a80000 jt 34 jf 23
920-
(023) ld [38]
921-
(024) and #0xffff0000
922-
(025) jeq #0xc0a80000 jt 34 jf 35
923-
(026) jeq #0x86dd jt 27 jf 35
924-
(027) ldb [20]
925-
(028) jeq #0x6 jt 30 jf 29
926-
(029) jeq #0x11 jt 30 jf 35
927-
(030) ldh [54]
928-
(031) jeq #0x2328 jt 34 jf 32
929-
(032) ldh [56]
930-
(033) jeq #0x2328 jt 34 jf 35
931-
(034) ret #0
932-
(035) ret #262144
933-
debug: set new filter for traffic-monitor '(((not (net 192.168))) and (not (tcp port 9000)) and (not (udp port 9000))) or (vlan and ((not (net 192.168))) and (not (tcp port 9000)) and (not (udp port 9000)))'
934-
No include file given
935-
Loaded 1 unique channels
936-
(000) ret #262144
937-
(000) ldh [12]
938-
(001) jeq #0x800 jt 2 jf 8
939-
(002) ld [26]
940-
(003) and #0xffff0000
941-
(004) jeq #0xc0a80000 jt 16 jf 5
942-
(005) ld [30]
943-
(006) and #0xffff0000
944-
(007) jeq #0xc0a80000 jt 16 jf 17
945-
(008) jeq #0x806 jt 10 jf 9
946-
(009) jeq #0x8035 jt 10 jf 17
947-
(010) ld [28]
948-
(011) and #0xffff0000
949-
(012) jeq #0xc0a80000 jt 16 jf 13
950-
(013) ld [38]
951-
(014) and #0xffff0000
952-
(015) jeq #0xc0a80000 jt 16 jf 17
953-
(016) ret #0
954-
(017) ret #262144
955-
(000) ldh [12]
956-
(001) jeq #0x86dd jt 2 jf 8
957-
(002) ldb [20]
958-
(003) jeq #0x6 jt 4 jf 19
959-
(004) ldh [54]
960-
(005) jeq #0x2328 jt 18 jf 6
961-
(006) ldh [56]
962-
(007) jeq #0x2328 jt 18 jf 19
963-
(008) jeq #0x800 jt 9 jf 19
964-
(009) ldb [23]
965-
(010) jeq #0x6 jt 11 jf 19
966-
(011) ldh [20]
967-
(012) jset #0x1fff jt 19 jf 13
968-
(013) ldxb 4*([14]&0xf)
969-
(014) ldh [x + 14]
970-
(015) jeq #0x2328 jt 18 jf 16
971-
(016) ldh [x + 16]
972-
(017) jeq #0x2328 jt 18 jf 19
973-
(018) ret #0
974-
(019) ret #262144
975-
(000) ldh [12]
976-
(001) jeq #0x86dd jt 2 jf 8
977-
(002) ldb [20]
978-
(003) jeq #0x11 jt 4 jf 19
979-
(004) ldh [54]
980-
(005) jeq #0x2328 jt 18 jf 6
981-
(006) ldh [56]
982-
(007) jeq #0x2328 jt 18 jf 19
983-
(008) jeq #0x800 jt 9 jf 19
984-
(009) ldb [23]
985-
(010) jeq #0x11 jt 11 jf 19
986-
(011) ldh [20]
987-
(012) jset #0x1fff jt 19 jf 13
988-
(013) ldxb 4*([14]&0xf)
989-
(014) ldh [x + 14]
990-
(015) jeq #0x2328 jt 18 jf 16
991-
(016) ldh [x + 16]
992-
(017) jeq #0x2328 jt 18 jf 19
993-
(018) ret #0
994-
(019) ret #262144
995-
(000) ldh [12]
996-
(001) jeq #0x800 jt 2 jf 18
997-
(002) ld [26]
998-
(003) and #0xffff0000
999-
(004) jeq #0xc0a80000 jt 34 jf 5
1000-
(005) ld [30]
1001-
(006) and #0xffff0000
1002-
(007) jeq #0xc0a80000 jt 34 jf 8
1003-
(008) ldb [23]
1004-
(009) jeq #0x6 jt 11 jf 10
1005-
(010) jeq #0x11 jt 11 jf 35
1006-
(011) ldh [20]
1007-
(012) jset #0x1fff jt 35 jf 13
1008-
(013) ldxb 4*([14]&0xf)
1009-
(014) ldh [x + 14]
1010-
(015) jeq #0x2328 jt 34 jf 16
1011-
(016) ldh [x + 16]
1012-
(017) jeq #0x2328 jt 34 jf 35
1013-
(018) jeq #0x806 jt 20 jf 19
1014-
(019) jeq #0x8035 jt 20 jf 26
1015-
(020) ld [28]
1016-
(021) and #0xffff0000
1017-
(022) jeq #0xc0a80000 jt 34 jf 23
1018-
(023) ld [38]
1019-
(024) and #0xffff0000
1020-
(025) jeq #0xc0a80000 jt 34 jf 35
1021-
(026) jeq #0x86dd jt 27 jf 35
1022-
(027) ldb [20]
1023-
(028) jeq #0x6 jt 30 jf 29
1024-
(029) jeq #0x11 jt 30 jf 35
1025-
(030) ldh [54]
1026-
(031) jeq #0x2328 jt 34 jf 32
1027-
(032) ldh [56]
1028-
(033) jeq #0x2328 jt 34 jf 35
1029-
(034) ret #0
1030-
(035) ret #262144
738+
......
739+
740+
......
741+
742+
......
1031743
debug: set new filter for horizon '(((not (net 192.168))) and (not (tcp port 9000)) and (not (udp port 9000))) or (vlan and ((not (net 192.168))) and (not (tcp port 9000)) and (not (udp port 9000)))'
1032744
root@xsense:
1033745
```
