Major INSPECT macros supported by PacketMon
IP Header
|
Macro |
Purpose |
Example |
|---|---|---|
|
ip_tos |
Type Of Service field |
ip_tos=1 |
|
ip_len |
Total Length field |
Ip_len=20 |
|
ip_id |
Identification field |
ip_id=100 |
|
ip_off |
Flags and Fragment Offset fields |
ip_off>0 |
|
ip_ttl |
TTL field |
ip_ttl<80 |
|
ip_p |
Protocol field |
ip_p=6 |
|
ip_sum |
Header Checksum field |
ip_sum!=0 |
|
src |
Source address field |
src=194.29.35.43 |
|
dst |
Destination address field |
dst=194.29.35.43 |
TCP
|
Macro |
Purpose |
Example |
|---|---|---|
|
sport |
Source port |
sport=21 |
|
dport |
Destination port |
dport=21 |
|
th_seq |
Sequence Number |
th_seq=0 |
|
th_ack |
Acknowledgment Number |
th_ack>0 |
|
th_flags |
Control Bits |
th_flags=TH_RST |
|
th_win |
Window |
th_win>128 |
|
th_sum |
Checksum |
th_sum!=0 |
|
th_urp |
Urgent Pointer |
th_urp!=0 |
|
syn |
SYN flag is set |
syn |
|
fin |
FIN flag is set |
fin |
|
rst |
RST flag is set |
rst |
|
ack |
ACK flag is set |
ack |
|
first |
First TCP packet (only SYN is set) |
first |
|
established |
TCP handshake completed |
established |
|
not_first |
Not first packet (SYN flag is not set) |
not_first |
|
last |
Last TCP packet |
last |
|
tcpdone |
FIN or RST flags are set |
tcpdone |
UDP
|
Macro |
Purpose |
Example |
|---|---|---|
|
sport |
Source port |
sport=21 |
|
dport |
Destination port |
dport=21 |
|
uh_ulen |
length |
uh_ulen>100 |
|
uh_sum |
Checksum |
uh_sum=0 |
ICMP
|
Macro |
Purpose |
Example |
|---|---|---|
|
icmp_type |
Type |
icmp_type=ICMP_ECHOREPLY |
|
icmp_code |
Code |
icmp_code=ICMP_UNREACH_NET |
|
icmp_cksum |
Checksum |
icmp_cksum=0 |