# This file was created by Wireshark. Edit with care.
@Tapped_AE@ip.src== 192.168.55.2@[21845,65535,32639][0,0,0]
@Intrepid@eth.type == 0xcab2@[0,65535,65535][0,0,65535]
@ICSG_CAN_ETH_GW@ip.src == 10.0.0.1@[65535,43690,0][65535,65535,65535]
!@Bad TCP@tcp.analysis.flags && !tcp.analysis.window_update && !tcp.analysis.keep_alive && !tcp.analysis.keep_alive_ack@[4626,10023,11822][63479,34695,34695]
!@HSRP State Change@hsrp.state != 8 && hsrp.state != 16@[4626,10023,11822][65535,64764,40092]
!@Spanning Tree Topology  Change@stp.type == 0x80@[4626,10023,11822][65535,64764,40092]
!@OSPF State Change@ospf.msg != 1@[4626,10023,11822][65535,64764,40092]
!@ICMP errors@icmp.type in { 3..5, 11 } || icmpv6.type in { 1..4 }@[4626,10023,11822][47031,63479,29812]
!@ARP@arp@[64250,61680,55255][4626,10023,11822]
!@ICMP@icmp || icmpv6@[64764,57568,65535][4626,10023,11822]
!@TCP RST@tcp.flags.reset eq 1@[42148,0,0][65535,64764,40092]
!@SCTP ABORT@sctp.chunk_type eq ABORT@[42148,0,0][65535,64764,40092]
!@IPv4 TTL low or unexpected@(ip.dst != 224.0.0.0/4 && ip.ttl < 5 && !(pim || ospf || eigrp || bgp || tcp.port==179)) || (ip.dst == 224.0.0.0/24 && ip.dst != 224.0.0.251 && ip.ttl != 1 && !(vrrp || carp || eigrp || rip || glbp))@[42148,0,0][60652,61680,60395]
!@IPv6 hop limit low or unexpected@(ipv6.dst != ff00::/8 && ipv6.hlim < 5 && !( ospf|| bgp || tcp.port==179)) || (ipv6.dst==ff00::/8 && ipv6.hlim not in {1, 64, 255})@[42148,0,0][60652,61680,60395]
!@Checksum Errors@eth.fcs.status=="Bad" || ip.checksum.status=="Bad" || tcp.checksum.status=="Bad" || udp.checksum.status=="Bad" || sctp.checksum.status=="Bad" || mstp.checksum.status=="Bad" || cdp.checksum.status=="Bad" || edp.checksum.status=="Bad" || wlan.fcs.status=="Bad" || stt.checksum.status=="Bad"@[4626,10023,11822][63479,34695,34695]
!@SMB@smb || nbss || nbns || netbios@[65278,65535,53456][4626,10023,11822]
!@HTTP@http || tcp.port == 80 || http2@[58596,65535,51143][4626,10023,11822]
!@DCERPC@dcerpc@[51143,38807,65535][4626,10023,11822]
!@Routing@hsrp || eigrp || ospf || bgp || cdp || vrrp || carp || gvrp || igmp || ismp@[65535,62451,54998][4626,10023,11822]
!@TCP SYN/FIN@tcp.flags & 0x02 || tcp.flags.fin == 1@[41120,41120,41120][4626,10023,11822]
!@TCP@tcp@[59367,59110,65535][4626,10023,11822]
!@UDP@udp@[56026,61166,65535][4626,10023,11822]
!@Broadcast@eth[0] & 1@[65535,65535,65535][47802,48573,46774]
!@System Event@systemd_journal || sysdig@[59110,59110,59110][11565,28527,39578]