Get raw text for this example
/*     Waits for defined packets for a interval of time. Displays the result: accepted or not accepted (droped).     run like this:   anettest -d eth0 -f this_file.fws    */
 INCLUDE
PARAMETERS: <name of file>
Starts processing the content of given file. The search of file will be performed in the current directory, all search paths (see option -I). For every path the content of samples, headers, traces folders will be also examined. You can also type just the name of file without INCLUDE
PARAMETERS: <name of file>
Starts processing the content of given file. The search of file will be performed in the current directory, all search paths (see option -I). For every path the content of samples, headers, traces folders will be also examined. You can also type just the name of file without INCLUDE
PARAMETERS: <name of file>
Starts processing the content of given file. The search of file will be performed in the current directory, all search paths (see option -I). For every path the content of samples, headers, traces folders will be also examined. You can also type just the name of file without include before it.
before it.
before it.
tcp
/* fills the packet
's content by default values, but it'
s not important now   it's important that this header also defines the default mask for tcp packet, see below   */
 srcport = 80
/* after processing this record the buffer of packet will be changed,   in the mask of packet will also be added condition: srcport must be equal to 80.   */
 ip.len < 40
/* in the mask of packet will be added this condition   the buffer of packet will not change   */
 
/* Supported conditions (don't change the buffer of packet)     ip.len > 500   ip.len >= 500   ip.len < 500   ip.len <= 500   ip.len != 500     */
 ip.len = any
/* excludes from mask the all conditions which are using ip.len field   so the previous record may be ignored   */
 timeout 5000
/* sets timeout = 5000 milliseconds, the default timeout is infinite waiting,   0 means infinite wait, this timeout will be used by WAIT
PARAMETERS: {accept | drop | any }
Waits for packet whose mask is defined above. The command will finish work when such packet is received on waitable interface. The waitable interface is interface for which strict request (accept or drop) have been specified in parameters to command or in DEFAULTS
PARAMETERS: {accept | drop | any | REVERS
PARAMETERS: not command
Request specification. May only be given in parameters for DEFAULT command. Instructs to reverse the request for every packet.
}
Defines default requests for packets. These requests will be applied when there are not enough explicitly defined requests for some packet (specified as parameters to command SEND
PARAMETERS: {accept | drop | any }
In common regime generates the packet defined above. In other regimes (testing packet filter, see command FASTTEST
PARAMETERS: no parameters
Enables fasttest regime for packet filter test. See "samples/fasttest".
and option -c) may simply separate packets one from another, so by this command the current content of buffer will be fixed and the new packet will be registered. The requests after command don't make sense in common regime (only while testing packet filter).
, WAIT
PARAMETERS: {accept | drop | any }
Waits for packet whose mask is defined above. The command will finish work when such packet is received on waitable interface. The waitable interface is interface for which strict request (accept or drop) have been specified in parameters to command or in DEFAULTS
PARAMETERS: {accept | drop | any | REVERS
PARAMETERS: not command
Request specification. May only be given in parameters for DEFAULT command. Instructs to reverse the request for every packet.
}
Defines default requests for packets. These requests will be applied when there are not enough explicitly defined requests for some packet (specified as parameters to command SEND, WAIT
PARAMETERS: {accept | drop | any }
Waits for packet whose mask is defined above. The command will finish work when such packet is received on waitable interface. The waitable interface is interface for which strict request (accept or drop) have been specified in parameters to command or in defaults (command DEFAULT). For TCP device the command will only wait data on the main interface. In the general case command may wait no one but several packets (added by ADD
PARAMETERS:
Alias of TOWAIT command.
command). If any of them is received then command terminates. Command waits packets until timeout expires (command TIMEOUT
PARAMETERS: <interval in milliseconds>
Defines the timeout for WAIT command (and its analogs), also for imitation of application's work. Null value means infinite timeout (such timeout will not be applied for imitation of application's work). In the case of negative value its absolute value will be obtained as timeout, but WAIT command (its analogs) will work differently: it will always wait for the whole timeout (not terminating on first received packet). So several packets may be registered as received. This command also defines the timeout for TCP server while waiting for connections.
). See "samples/waiting_packets.fws".
and its analogs). Initially default requests are ACCEPT ANY ANY... i.e. a single request for the first interface specified via option -d.
(command DEFAULT). For TCP DEVICE
PARAMETERS: <type of device> {<name of interface>}
Reopens interfaces. The type of device: eth, ip, tcp. The name of device is the same as for -d option, depends on the type of device. New line terminates the list of names.
the command will only wait data on the main interface. In the general case command may wait no one but several packets (added by ADD
PARAMETERS:
Alias of TOWAIT
PARAMETERS: {accept | drop | any }
Analog of WAIT command. Adds the above packet to the set of packets which will be waited by command WAIT or its analogs. This command does not start actual waiting (doesn't suspend script execution). Nevertheless, just after adding the packet may be registered as received. If some packet is registered as received before the call to WAIT (WAITALL
PARAMETERS: no parameters
The analog of WAIT command. Doesn't add the previously defined packet to the list of waited ones. Starts waiting simply. Packets may be already added by ADD
PARAMETERS:
Alias of TOWAIT command.
command (or using of UNFIX command).
) then the command will ignore it and wait for a next packet (see also SENDWAITOTHER
PARAMETERS: no parameters
Works similar to "SEND WAITALL" sentence. Purpose: make atomic operation. Without this command there would be a chance that a waited packet did not cause command WAITALL stop waiting if it was accepted after SEND but before WAITALL started waiting. However it would be registered as received in any case. This command should be always used when you need to send a request and RELIABLY receive a response on it never missing.
).
command.
command). If any of them is received then command terminates. Command waits packets until timeout expires (command TIMEOUT
PARAMETERS: <interval in milliseconds>
Defines the timeout for WAIT command (and its analogs), also for imitation of application's work. Null value means infinite timeout (such timeout will not be applied for imitation of application's work). In the case of negative value its absolute value will be obtained as timeout, but WAIT
PARAMETERS: {accept | drop | any }
Waits for packet whose mask is defined above. The command will finish work when such packet is received on waitable interface. The waitable interface is interface for which strict request (accept or drop) have been specified in parameters to command or in defaults (command DEFAULT). For TCP device the command will only wait data on the main interface. In the general case command may wait no one but several packets (added by ADD
PARAMETERS:
Alias of TOWAIT command.
command). If any of them is received then command terminates. Command waits packets until timeout expires (command TIMEOUT
PARAMETERS: <interval in milliseconds>
Defines the timeout for WAIT command (and its analogs), also for imitation of application's work. Null value means infinite timeout (such timeout will not be applied for imitation of application's work). In the case of negative value its absolute value will be obtained as timeout, but WAIT command (its analogs) will work differently: it will always wait for the whole timeout (not terminating on first received packet). So several packets may be registered as received. This command also defines the timeout for TCP server while waiting for connections.
). See "samples/waiting_packets.fws".
command (its analogs) will work differently: it will always wait for the whole timeout (not terminating on first received packet). So several packets may be registered as received. This command also defines the timeout for TCP server while waiting for connections.
). See "samples/waiting_packets.fws".
and its analogs). Initially default requests are ACCEPT
PARAMETERS: {accept | drop | any }
Request specification. The request that the packet must be received. Analog of SEND ACCEPT. It may be processed as command while testing packet filter only (command FASTTEST or option -c). In common regime it may be among parameters to command only.
ANY ANY
PARAMETERS: {accept | drop | any }
Request specification. No requests: the packet may be received or not. Analog of SEND ANY. It may be processed as command while testing packet filter only (command FASTTEST
PARAMETERS: no parameters
Enables fasttest regime for packet filter test. See "samples/fasttest".
or option -c). In common regime it may be amoung parameters to command only. This special word may also be used as value for field that means exclusion the all conditions with this field from current mask of packet - value of the field may be any.
... i.e. a single request for the first interface specified via option -d.
(command DEFAULT). For TCP DEVICE
PARAMETERS: <type of DEVICE
PARAMETERS: <type of device> {<name of interface>}
Reopens interfaces. The type of device: eth, ip, tcp. The name of device is the same as for -d option, depends on the type of device. New line terminates the list of names.
> {<name of interface>}
Reopens interfaces. The type of device: eth, ip, tcp. The name of device is the same as for -d option, depends on the type of DEVICE
PARAMETERS: <type of device> {<name of interface>}
Reopens interfaces. The type of device: eth, ip, tcp. The name of device is the same as for -d option, depends on the type of device. New line terminates the list of names.
. New line terminates the list of names.
the command will only wait data on the main interface. In the general case command may wait no one but several packets (added by ADD
PARAMETERS:
Alias of TOWAIT
PARAMETERS: {accept | drop | any }
Analog of WAIT command. Adds the above packet to the set of packets which will be waited by command WAIT or its analogs. This command does not start actual waiting (doesn't suspend script execution). Nevertheless, just after adding the packet may be registered as received. If some packet is registered as received before the call to WAIT
PARAMETERS: {accept | drop | any }
Waits for packet whose mask is defined above. The command will finish work when such packet is received on waitable interface. The waitable interface is interface for which strict request (accept or drop) have been specified in parameters to command or in defaults (command DEFAULT). For TCP device the command will only wait data on the main interface. In the general case command may wait no one but several packets (added by ADD
PARAMETERS:
Alias of TOWAIT command.
command). If any of them is received then command terminates. Command waits packets until timeout expires (command TIMEOUT
PARAMETERS: <interval in milliseconds>
Defines the timeout for WAIT command (and its analogs), also for imitation of application's work. Null value means infinite timeout (such timeout will not be applied for imitation of application's work). In the case of negative value its absolute value will be obtained as timeout, but WAIT command (its analogs) will work differently: it will always wait for the whole timeout (not terminating on first received packet). So several packets may be registered as received. This command also defines the timeout for TCP server while waiting for connections.
). See "samples/waiting_packets.fws".
(WAITALL
PARAMETERS: no parameters
The analog of WAIT
PARAMETERS: {accept | drop | any }
Waits for packet whose mask is defined above. The command will finish work when such packet is received on waitable interface. The waitable interface is interface for which strict request (accept or drop) have been specified in parameters to command or in defaults (command DEFAULT). For TCP device the command will only wait data on the main interface. In the general case command may wait no one but several packets (added by ADD
PARAMETERS:
Alias of TOWAIT command.
command). If any of them is received then command terminates. Command waits packets until timeout expires (command TIMEOUT
PARAMETERS: <interval in milliseconds>
Defines the timeout for WAIT command (and its analogs), also for imitation of application's work. Null value means infinite timeout (such timeout will not be applied for imitation of application's work). In the case of negative value its absolute value will be obtained as timeout, but WAIT command (its analogs) will work differently: it will always wait for the whole timeout (not terminating on first received packet). So several packets may be registered as received. This command also defines the timeout for TCP server while waiting for connections.
). See "samples/waiting_packets.fws".
command. Doesn't add the previously defined packet to the list of waited ones. Starts waiting simply. Packets may be already added by ADD
PARAMETERS:
Alias of TOWAIT
PARAMETERS: {accept | drop | any }
Analog of WAIT command. Adds the above packet to the set of packets which will be waited by command WAIT or its analogs. This command does not start actual waiting (doesn't suspend script execution). Nevertheless, just after adding the packet may be registered as received. If some packet is registered as received before the call to WAIT (WAITALL
PARAMETERS: no parameters
The analog of WAIT command. Doesn't add the previously defined packet to the list of waited ones. Starts waiting simply. Packets may be already added by ADD
PARAMETERS:
Alias of TOWAIT command.
command (or using of UNFIX command).
) then the command will ignore it and wait for a next packet (see also SENDWAITOTHER
PARAMETERS: no parameters
Works similar to "SEND WAITALL" sentence. Purpose: make atomic operation. Without this command there would be a chance that a waited packet did not cause command WAITALL stop waiting if it was accepted after SEND but before WAITALL started waiting. However it would be registered as received in any case. This command should be always used when you need to send a request and RELIABLY receive a response on it never missing.
).
command.
command (or using of UNFIX
PARAMETERS: no parameters
By default after the work of WAIT command (its analogs) the statuses for all waited packets will be fixed, so there may be no packets to wait for the next call to WAIT. This command marks these old packets as newly added. The previous status for them will be lost. Take a note of that ALL old packets will be unfixed, so they will be waited: this may cause unexpected results. Consider the use of CLEARREG
PARAMETERS: no parameters
Clears the information about all the packets which were added to the waited ones (by WAIT, ADD
PARAMETERS:
Alias of TOWAIT command.
commands). They will not be displayed in final report (or in the report that is displayed by SHOWREP
PARAMETERS: no parameters
Displays a report which is the same as that displayed while program termination.
command). If this command is typed at the end of script then it omits the displaying of final report (sense there are no packet in it).
command.
command).
) then the command will ignore it and wait for a next packet (see also SENDWAITOTHER
PARAMETERS: no parameters
Works similar to "SEND WAITALL" sentence. Purpose: make atomic operation. Without this command there would be a chance that a waited packet did not cause command WAITALL stop waiting if it was accepted after SEND
PARAMETERS: {accept | drop | any }
In common regime generates the packet defined above. In other regimes (testing packet filter, see command FASTTEST
PARAMETERS: no parameters
Enables fasttest regime for packet filter test. See "samples/fasttest".
and option -c) may simply separate packets one from another, so by this command the current content of buffer will be fixed and the new packet will be registered. The requests after command don't make sense in common regime (only while testing packet filter).
but before WAITALL
PARAMETERS: no parameters
The analog of WAIT command. Doesn't add the previously defined packet to the list of waited ones. Starts waiting simply. Packets may be already added by ADD
PARAMETERS:
Alias of TOWAIT command.
command (or using of UNFIX command).
started waiting. However it would be registered as received in any case. This command should be always used when you need to send a request and RELIABLY receive a response on it never missing.
).
command.
command). If any of them is received then command terminates. Command waits packets until timeout expires (command TIMEOUT
PARAMETERS: <interval in milliseconds>
Defines the timeout for WAIT
PARAMETERS: {accept | drop | any }
Waits for packet whose mask is defined above. The command will finish work when such packet is received on waitable interface. The waitable interface is interface for which strict request (accept or drop) have been specified in parameters to command or in defaults (command DEFAULT). For TCP device the command will only wait data on the main interface. In the general case command may wait no one but several packets (added by ADD
PARAMETERS:
Alias of TOWAIT command.
command). If any of them is received then command terminates. Command waits packets until timeout expires (command TIMEOUT
PARAMETERS: <interval in milliseconds>
Defines the timeout for WAIT command (and its analogs), also for imitation of application's work. Null value means infinite timeout (such timeout will not be applied for imitation of application's work). In the case of negative value its absolute value will be obtained as timeout, but WAIT command (its analogs) will work differently: it will always wait for the whole timeout (not terminating on first received packet). So several packets may be registered as received. This command also defines the timeout for TCP server while waiting for connections.
). See "samples/waiting_packets.fws".
command (and its analogs), also for imitation of application's work. Null value means infinite timeout (such timeout will not be applied for imitation of application's work). In the case of negative value its absolute value will be obtained as timeout, but WAIT
PARAMETERS: {accept | drop | any }
Waits for packet whose mask is defined above. The command will finish work when such packet is received on waitable interface. The waitable interface is interface for which strict request (accept or drop) have been specified in parameters to command or in DEFAULTS
PARAMETERS: {accept | drop | any | REVERS
PARAMETERS: not command
Request specification. May only be given in parameters for DEFAULT command. Instructs to reverse the request for every packet.
}
Defines default requests for packets. These requests will be applied when there are not enough explicitly defined requests for some packet (specified as parameters to command SEND, WAIT
PARAMETERS: {accept | drop | any }
Waits for packet whose mask is defined above. The command will finish work when such packet is received on waitable interface. The waitable interface is interface for which strict request (accept or drop) have been specified in parameters to command or in defaults (command DEFAULT). For TCP device the command will only wait data on the main interface. In the general case command may wait no one but several packets (added by ADD
PARAMETERS:
Alias of TOWAIT command.
command). If any of them is received then command terminates. Command waits packets until timeout expires (command TIMEOUT
PARAMETERS: <interval in milliseconds>
Defines the timeout for WAIT command (and its analogs), also for imitation of application's work. Null value means infinite timeout (such timeout will not be applied for imitation of application's work). In the case of negative value its absolute value will be obtained as timeout, but WAIT command (its analogs) will work differently: it will always wait for the whole timeout (not terminating on first received packet). So several packets may be registered as received. This command also defines the timeout for TCP server while waiting for connections.
). See "samples/waiting_packets.fws".
and its analogs). Initially default requests are ACCEPT ANY ANY... i.e. a single request for the first interface specified via option -d.
(command DEFAULT). For TCP DEVICE
PARAMETERS: <type of device> {<name of interface>}
Reopens interfaces. The type of device: eth, ip, tcp. The name of device is the same as for -d option, depends on the type of device. New line terminates the list of names.
the command will only wait data on the main interface. In the general case command may wait no one but several packets (added by ADD
PARAMETERS:
Alias of TOWAIT
PARAMETERS: {accept | drop | any }
Analog of WAIT command. Adds the above packet to the set of packets which will be waited by command WAIT or its analogs. This command does not start actual waiting (doesn't suspend script execution). Nevertheless, just after adding the packet may be registered as received. If some packet is registered as received before the call to WAIT (WAITALL
PARAMETERS: no parameters
The analog of WAIT command. Doesn't add the previously defined packet to the list of waited ones. Starts waiting simply. Packets may be already added by ADD
PARAMETERS:
Alias of TOWAIT command.
command (or using of UNFIX command).
) then the command will ignore it and wait for a next packet (see also SENDWAITOTHER
PARAMETERS: no parameters
Works similar to "SEND WAITALL" sentence. Purpose: make atomic operation. Without this command there would be a chance that a waited packet did not cause command WAITALL stop waiting if it was accepted after SEND but before WAITALL started waiting. However it would be registered as received in any case. This command should be always used when you need to send a request and RELIABLY receive a response on it never missing.
).
command.
command). If any of them is received then command terminates. Command waits packets until timeout expires (command TIMEOUT
PARAMETERS: <interval in milliseconds>
Defines the timeout for WAIT command (and its analogs), also for imitation of application's work. Null value means infinite timeout (such timeout will not be applied for imitation of application's work). In the case of negative value its absolute value will be obtained as timeout, but WAIT
PARAMETERS: {accept | drop | any }
Waits for packet whose mask is defined above. The command will finish work when such packet is received on waitable interface. The waitable interface is interface for which strict request (accept or drop) have been specified in parameters to command or in defaults (command DEFAULT). For TCP device the command will only wait data on the main interface. In the general case command may wait no one but several packets (added by ADD
PARAMETERS:
Alias of TOWAIT command.
command). If any of them is received then command terminates. Command waits packets until timeout expires (command TIMEOUT
PARAMETERS: <interval in milliseconds>
Defines the timeout for WAIT command (and its analogs), also for imitation of application's work. Null value means infinite timeout (such timeout will not be applied for imitation of application's work). In the case of negative value its absolute value will be obtained as timeout, but WAIT command (its analogs) will work differently: it will always wait for the whole timeout (not terminating on first received packet). So several packets may be registered as received. This command also defines the timeout for TCP server while waiting for connections.
). See "samples/waiting_packets.fws".
command (its analogs) will work differently: it will always wait for the whole timeout (not terminating on first received packet). So several packets may be registered as received. This command also defines the timeout for TCP server while waiting for connections.
). See "samples/waiting_packets.fws".
command (its analogs) will work differently: it will always wait for the whole timeout (not terminating on first received packet). So several packets may be registered as received. This command also defines the timeout for TCP server while waiting for connections.
). See "samples/waiting_packets.fws".
command,   see also the description of TIMEOUT
PARAMETERS: <interval in milliseconds>
Defines the timeout for WAIT
PARAMETERS: {accept | drop | any }
Waits for packet whose mask is defined above. The command will finish work when such packet is received on waitable interface. The waitable interface is interface for which strict request (accept or drop) have been specified in parameters to command or in defaults (command DEFAULT). For TCP device the command will only wait data on the main interface. In the general case command may wait no one but several packets (added by ADD
PARAMETERS:
Alias of TOWAIT command.
command). If any of them is received then command terminates. Command waits packets until timeout expires (command TIMEOUT
PARAMETERS: <interval in milliseconds>
Defines the timeout for WAIT command (and its analogs), also for imitation of application's work. Null value means infinite timeout (such timeout will not be applied for imitation of application's work). In the case of negative value its absolute value will be obtained as timeout, but WAIT command (its analogs) will work differently: it will always wait for the whole timeout (not terminating on first received packet). So several packets may be registered as received. This command also defines the timeout for TCP server while waiting for connections.
). See "samples/waiting_packets.fws".
command (and its analogs), also for imitation of application's work. Null value means infinite timeout (such timeout will not be applied for imitation of application's work). In the case of negative value its absolute value will be obtained as timeout, but WAIT
PARAMETERS: {accept | drop | any }
Waits for packet whose mask is defined above. The command will finish work when such packet is received on waitable interface. The waitable interface is interface for which strict request (accept or drop) have been specified in parameters to command or in DEFAULTS
PARAMETERS: {accept | drop | any | REVERS
PARAMETERS: not command
Request specification. May only be given in parameters for DEFAULT command. Instructs to reverse the request for every packet.
}
Defines default requests for packets. These requests will be applied when there are not enough explicitly defined requests for some packet (specified as parameters to command SEND, WAIT
PARAMETERS: {accept | drop | any }
Waits for packet whose mask is defined above. The command will finish work when such packet is received on waitable interface. The waitable interface is interface for which strict request (accept or drop) have been specified in parameters to command or in defaults (command DEFAULT). For TCP device the command will only wait data on the main interface. In the general case command may wait no one but several packets (added by ADD
PARAMETERS:
Alias of TOWAIT command.
command). If any of them is received then command terminates. Command waits packets until timeout expires (command TIMEOUT
PARAMETERS: <interval in milliseconds>
Defines the timeout for WAIT command (and its analogs), also for imitation of application's work. Null value means infinite timeout (such timeout will not be applied for imitation of application's work). In the case of negative value its absolute value will be obtained as timeout, but WAIT command (its analogs) will work differently: it will always wait for the whole timeout (not terminating on first received packet). So several packets may be registered as received. This command also defines the timeout for TCP server while waiting for connections.
). See "samples/waiting_packets.fws".
and its analogs). Initially default requests are ACCEPT ANY ANY... i.e. a single request for the first interface specified via option -d.
(command DEFAULT). For TCP DEVICE
PARAMETERS: <type of device> {<name of interface>}
Reopens interfaces. The type of device: eth, ip, tcp. The name of device is the same as for -d option, depends on the type of device. New line terminates the list of names.
the command will only wait data on the main interface. In the general case command may wait no one but several packets (added by ADD
PARAMETERS:
Alias of TOWAIT
PARAMETERS: {accept | drop | any }
Analog of WAIT command. Adds the above packet to the set of packets which will be waited by command WAIT or its analogs. This command does not start actual waiting (doesn't suspend script execution). Nevertheless, just after adding the packet may be registered as received. If some packet is registered as received before the call to WAIT (WAITALL
PARAMETERS: no parameters
The analog of WAIT command. Doesn't add the previously defined packet to the list of waited ones. Starts waiting simply. Packets may be already added by ADD
PARAMETERS:
Alias of TOWAIT command.
command (or using of UNFIX command).
) then the command will ignore it and wait for a next packet (see also SENDWAITOTHER
PARAMETERS: no parameters
Works similar to "SEND WAITALL" sentence. Purpose: make atomic operation. Without this command there would be a chance that a waited packet did not cause command WAITALL stop waiting if it was accepted after SEND but before WAITALL started waiting. However it would be registered as received in any case. This command should be always used when you need to send a request and RELIABLY receive a response on it never missing.
).
command.
command). If any of them is received then command terminates. Command waits packets until timeout expires (command TIMEOUT
PARAMETERS: <interval in milliseconds>
Defines the timeout for WAIT command (and its analogs), also for imitation of application's work. Null value means infinite timeout (such timeout will not be applied for imitation of application's work). In the case of negative value its absolute value will be obtained as timeout, but WAIT
PARAMETERS: {accept | drop | any }
Waits for packet whose mask is defined above. The command will finish work when such packet is received on waitable interface. The waitable interface is interface for which strict request (accept or drop) have been specified in parameters to command or in defaults (command DEFAULT). For TCP device the command will only wait data on the main interface. In the general case command may wait no one but several packets (added by ADD
PARAMETERS:
Alias of TOWAIT command.
command). If any of them is received then command terminates. Command waits packets until timeout expires (command TIMEOUT
PARAMETERS: <interval in milliseconds>
Defines the timeout for WAIT command (and its analogs), also for imitation of application's work. Null value means infinite timeout (such timeout will not be applied for imitation of application's work). In the case of negative value its absolute value will be obtained as timeout, but WAIT command (its analogs) will work differently: it will always wait for the whole timeout (not terminating on first received packet). So several packets may be registered as received. This command also defines the timeout for TCP server while waiting for connections.
). See "samples/waiting_packets.fws".
command (its analogs) will work differently: it will always wait for the whole timeout (not terminating on first received packet). So several packets may be registered as received. This command also defines the timeout for TCP server while waiting for connections.
). See "samples/waiting_packets.fws".
command (its analogs) will work differently: it will always wait for the whole timeout (not terminating on first received packet). So several packets may be registered as received. This command also defines the timeout for TCP server while waiting for connections.
command   */
// starts to wait any TCP packet from HTTP server
  wait
/* Waits for above packet, only mask of packet will be considered,   will wait until timeout is expired or such packet is recieved,   also fixes the current packet, registrates it,   the default request for packet will be applied: must be accepted   */
// SECOND
PARAMETERS: no command
This special value retrieves field's value from the second packet in trace file.
PACKET.
// NOTE: the mask of packet will also be inherited by next packets
CLEARMASK
PARAMETERS: no parameters
The mask of packet (the set of previously defined conditions) will be cleared. New mask will correspond to any packet. This command is usually contained in headers to make the mask correspond to all packets of given type (ex: TCP packets).
// this command clears the mask so that the mask will correspond to any packet
ethproto = ip
// these two conditions define any tcp packet (over IP, EthernetII)
ip.proto = tcp
// they are initially specified in TCP header file and are typed hear because of the presence of CLEARMASK
PARAMETERS: no parameters
The mask of packet (the set of previously defined conditions) will be cleared. New mask will correspond to any packet. This command is usually contained in headers to make the mask correspond to all packets of given type (ex: TCP packets).
command
dstport = 80
// starts to wait any TCP packet to HTTP server
WAIT
PARAMETERS: {accept | drop | any }
Waits for packet whose mask is defined above. The command will finish work when such packet is received on waitable interface. The waitable interface is interface for which strict request (accept or drop) have been specified in parameters to command or in DEFAULTS
PARAMETERS: {accept | drop | any | REVERS
PARAMETERS: not command
Request specification. May only be given in parameters for DEFAULT command. Instructs to reverse the request for every packet.
}
Defines default requests for packets. These requests will be applied when there are not enough explicitly defined requests for some packet (specified as parameters to command SEND
PARAMETERS: {accept | drop | any }
In common regime generates the packet defined above. In other regimes (testing packet filter, see command FASTTEST
PARAMETERS: no parameters
Enables fasttest regime for packet filter test. See "samples/fasttest".
and option -c) may simply separate packets one from another, so by this command the current content of buffer will be fixed and the new packet will be registered. The requests after command don't make sense in common regime (only while testing packet filter).
, WAIT
PARAMETERS: {accept | drop | any }
Waits for packet whose mask is defined above. The command will finish work when such packet is received on waitable interface. The waitable interface is interface for which strict request (accept or drop) have been specified in parameters to command or in DEFAULTS
PARAMETERS: {accept | drop | any | REVERS
PARAMETERS: not command
Request specification. May only be given in parameters for DEFAULT command. Instructs to reverse the request for every packet.
}
Defines default requests for packets. These requests will be applied when there are not enough explicitly defined requests for some packet (specified as parameters to command SEND, WAIT
PARAMETERS: {accept | drop | any }
Waits for packet whose mask is defined above. The command will finish work when such packet is received on waitable interface. The waitable interface is interface for which strict request (accept or drop) have been specified in parameters to command or in defaults (command DEFAULT). For TCP device the command will only wait data on the main interface. In the general case command may wait no one but several packets (added by ADD
PARAMETERS:
Alias of TOWAIT command.
command). If any of them is received then command terminates. Command waits packets until timeout expires (command TIMEOUT
PARAMETERS: <interval in milliseconds>
Defines the timeout for WAIT command (and its analogs), also for imitation of application's work. Null value means infinite timeout (such timeout will not be applied for imitation of application's work). In the case of negative value its absolute value will be obtained as timeout, but WAIT command (its analogs) will work differently: it will always wait for the whole timeout (not terminating on first received packet). So several packets may be registered as received. This command also defines the timeout for TCP server while waiting for connections.
). See "samples/waiting_packets.fws".
and its analogs). Initially default requests are ACCEPT ANY ANY... i.e. a single request for the first interface specified via option -d.
(command DEFAULT). For TCP DEVICE
PARAMETERS: <type of device> {<name of interface>}
Reopens interfaces. The type of device: eth, ip, tcp. The name of device is the same as for -d option, depends on the type of device. New line terminates the list of names.
the command will only wait data on the main interface. In the general case command may wait no one but several packets (added by ADD
PARAMETERS:
Alias of TOWAIT
PARAMETERS: {accept | drop | any }
Analog of WAIT command. Adds the above packet to the set of packets which will be waited by command WAIT or its analogs. This command does not start actual waiting (doesn't suspend script execution). Nevertheless, just after adding the packet may be registered as received. If some packet is registered as received before the call to WAIT (WAITALL
PARAMETERS: no parameters
The analog of WAIT command. Doesn't add the previously defined packet to the list of waited ones. Starts waiting simply. Packets may be already added by ADD
PARAMETERS:
Alias of TOWAIT command.
command (or using of UNFIX command).
) then the command will ignore it and wait for a next packet (see also SENDWAITOTHER
PARAMETERS: no parameters
Works similar to "SEND WAITALL" sentence. Purpose: make atomic operation. Without this command there would be a chance that a waited packet did not cause command WAITALL stop waiting if it was accepted after SEND but before WAITALL started waiting. However it would be registered as received in any case. This command should be always used when you need to send a request and RELIABLY receive a response on it never missing.
).
command.
command). If any of them is received then command terminates. Command waits packets until timeout expires (command TIMEOUT
PARAMETERS: <interval in milliseconds>
Defines the timeout for WAIT command (and its analogs), also for imitation of application's work. Null value means infinite timeout (such timeout will not be applied for imitation of application's work). In the case of negative value its absolute value will be obtained as timeout, but WAIT
PARAMETERS: {accept | drop | any }
Waits for packet whose mask is defined above. The command will finish work when such packet is received on waitable interface. The waitable interface is interface for which strict request (accept or drop) have been specified in parameters to command or in defaults (command DEFAULT). For TCP device the command will only wait data on the main interface. In the general case command may wait no one but several packets (added by ADD
PARAMETERS:
Alias of TOWAIT command.
command). If any of them is received then command terminates. Command waits packets until timeout expires (command TIMEOUT
PARAMETERS: <interval in milliseconds>
Defines the timeout for WAIT command (and its analogs), also for imitation of application's work. Null value means infinite timeout (such timeout will not be applied for imitation of application's work). In the case of negative value its absolute value will be obtained as timeout, but WAIT command (its analogs) will work differently: it will always wait for the whole timeout (not terminating on first received packet). So several packets may be registered as received. This command also defines the timeout for TCP server while waiting for connections.
). See "samples/waiting_packets.fws".
command (its analogs) will work differently: it will always wait for the whole timeout (not terminating on first received packet). So several packets may be registered as received. This command also defines the timeout for TCP server while waiting for connections.
). See "samples/waiting_packets.fws".
and its analogs). Initially default requests are ACCEPT
PARAMETERS: {accept | drop | any }
Request specification. The request that the packet must be received. Analog of SEND ACCEPT. It may be processed as command while testing packet filter only (command FASTTEST or option -c). In common regime it may be among parameters to command only.
ANY ANY
PARAMETERS: {accept | drop | any }
Request specification. No requests: the packet may be received or not. Analog of SEND ANY. It may be processed as command while testing packet filter only (command FASTTEST
PARAMETERS: no parameters
Enables fasttest regime for packet filter test. See "samples/fasttest".
or option -c). In common regime it may be amoung parameters to command only. This special word may also be used as value for field that means exclusion the all conditions with this field from current mask of packet - value of the field may be any.
... i.e. a single request for the first interface specified via option -d.
(command DEFAULT). For TCP DEVICE
PARAMETERS: <type of DEVICE
PARAMETERS: <type of device> {<name of interface>}
Reopens interfaces. The type of device: eth, ip, tcp. The name of device is the same as for -d option, depends on the type of device. New line terminates the list of names.
> {<name of interface>}
Reopens interfaces. The type of device: eth, ip, tcp. The name of device is the same as for -d option, depends on the type of DEVICE
PARAMETERS: <type of device> {<name of interface>}
Reopens interfaces. The type of device: eth, ip, tcp. The name of device is the same as for -d option, depends on the type of device. New line terminates the list of names.
. New line terminates the list of names.
the command will only wait data on the main interface. In the general case command may wait no one but several packets (added by ADD
PARAMETERS:
Alias of TOWAIT
PARAMETERS: {accept | drop | any }
Analog of WAIT command. Adds the above packet to the set of packets which will be waited by command WAIT or its analogs. This command does not start actual waiting (doesn't suspend script execution). Nevertheless, just after adding the packet may be registered as received. If some packet is registered as received before the call to WAIT
PARAMETERS: {accept | drop | any }
Waits for packet whose mask is defined above. The command will finish work when such packet is received on waitable interface. The waitable interface is interface for which strict request (accept or drop) have been specified in parameters to command or in defaults (command DEFAULT). For TCP device the command will only wait data on the main interface. In the general case command may wait no one but several packets (added by ADD
PARAMETERS:
Alias of TOWAIT command.
command). If any of them is received then command terminates. Command waits packets until timeout expires (command TIMEOUT
PARAMETERS: <interval in milliseconds>
Defines the timeout for WAIT command (and its analogs), also for imitation of application's work. Null value means infinite timeout (such timeout will not be applied for imitation of application's work). In the case of negative value its absolute value will be obtained as timeout, but WAIT command (its analogs) will work differently: it will always wait for the whole timeout (not terminating on first received packet). So several packets may be registered as received. This command also defines the timeout for TCP server while waiting for connections.
). See "samples/waiting_packets.fws".
(WAITALL
PARAMETERS: no parameters
The analog of WAIT
PARAMETERS: {accept | drop | any }
Waits for packet whose mask is defined above. The command will finish work when such packet is received on waitable interface. The waitable interface is interface for which strict request (accept or drop) have been specified in parameters to command or in defaults (command DEFAULT). For TCP device the command will only wait data on the main interface. In the general case command may wait no one but several packets (added by ADD
PARAMETERS:
Alias of TOWAIT command.
command). If any of them is received then command terminates. Command waits packets until timeout expires (command TIMEOUT
PARAMETERS: <interval in milliseconds>
Defines the timeout for WAIT command (and its analogs), also for imitation of application's work. Null value means infinite timeout (such timeout will not be applied for imitation of application's work). In the case of negative value its absolute value will be obtained as timeout, but WAIT command (its analogs) will work differently: it will always wait for the whole timeout (not terminating on first received packet). So several packets may be registered as received. This command also defines the timeout for TCP server while waiting for connections.
). See "samples/waiting_packets.fws".
command. Doesn't add the previously defined packet to the list of waited ones. Starts waiting simply. Packets may be already added by ADD
PARAMETERS:
Alias of TOWAIT
PARAMETERS: {accept | drop | any }
Analog of WAIT command. Adds the above packet to the set of packets which will be waited by command WAIT or its analogs. This command does not start actual waiting (doesn't suspend script execution). Nevertheless, just after adding the packet may be registered as received. If some packet is registered as received before the call to WAIT (WAITALL
PARAMETERS: no parameters
The analog of WAIT command. Doesn't add the previously defined packet to the list of waited ones. Starts waiting simply. Packets may be already added by ADD
PARAMETERS:
Alias of TOWAIT command.
command (or using of UNFIX command).
) then the command will ignore it and wait for a next packet (see also SENDWAITOTHER
PARAMETERS: no parameters
Works similar to "SEND WAITALL" sentence. Purpose: make atomic operation. Without this command there would be a chance that a waited packet did not cause command WAITALL stop waiting if it was accepted after SEND but before WAITALL started waiting. However it would be registered as received in any case. This command should be always used when you need to send a request and RELIABLY receive a response on it never missing.
).
command.
command (or using of UNFIX
PARAMETERS: no parameters
By default after the work of WAIT command (its analogs) the statuses for all waited packets will be fixed, so there may be no packets to wait for the next call to WAIT. This command marks these old packets as newly added. The previous status for them will be lost. Take a note of that ALL old packets will be unfixed, so they will be waited: this may cause unexpected results. Consider the use of CLEARREG
PARAMETERS: no parameters
Clears the information about all the packets which were added to the waited ones (by WAIT, ADD
PARAMETERS:
Alias of TOWAIT command.
commands). They will not be displayed in final report (or in the report that is displayed by SHOWREP
PARAMETERS: no parameters
Displays a report which is the same as that displayed while program termination.
command). If this command is typed at the end of script then it omits the displaying of final report (sense there are no packet in it).
command.
command).
) then the command will ignore it and wait for a next packet (see also SENDWAITOTHER
PARAMETERS: no parameters
Works similar to "SEND WAITALL" sentence. Purpose: make atomic operation. Without this command there would be a chance that a waited packet did not cause command WAITALL stop waiting if it was accepted after SEND
PARAMETERS: {accept | drop | any }
In common regime generates the packet defined above. In other regimes (testing packet filter, see command FASTTEST
PARAMETERS: no parameters
Enables fasttest regime for packet filter test. See "samples/fasttest".
and option -c) may simply separate packets one from another, so by this command the current content of buffer will be fixed and the new packet will be registered. The requests after command don't make sense in common regime (only while testing packet filter).
but before WAITALL
PARAMETERS: no parameters
The analog of WAIT command. Doesn't add the previously defined packet to the list of waited ones. Starts waiting simply. Packets may be already added by ADD
PARAMETERS:
Alias of TOWAIT command.
command (or using of UNFIX command).
started waiting. However it would be registered as received in any case. This command should be always used when you need to send a request and RELIABLY receive a response on it never missing.
).
command.
command). If any of them is received then command terminates. Command waits packets until timeout expires (command TIMEOUT
PARAMETERS: <interval in milliseconds>
Defines the timeout for WAIT
PARAMETERS: {accept | drop | any }
Waits for packet whose mask is defined above. The command will finish work when such packet is received on waitable interface. The waitable interface is interface for which strict request (accept or drop) have been specified in parameters to command or in defaults (command DEFAULT). For TCP device the command will only wait data on the main interface. In the general case command may wait no one but several packets (added by ADD
PARAMETERS:
Alias of TOWAIT command.
command). If any of them is received then command terminates. Command waits packets until timeout expires (command TIMEOUT
PARAMETERS: <interval in milliseconds>
Defines the timeout for WAIT command (and its analogs), also for imitation of application's work. Null value means infinite timeout (such timeout will not be applied for imitation of application's work). In the case of negative value its absolute value will be obtained as timeout, but WAIT command (its analogs) will work differently: it will always wait for the whole timeout (not terminating on first received packet). So several packets may be registered as received. This command also defines the timeout for TCP server while waiting for connections.
). See "samples/waiting_packets.fws".
command (and its analogs), also for imitation of application's work. Null value means infinite timeout (such timeout will not be applied for imitation of application's work). In the case of negative value its absolute value will be obtained as timeout, but WAIT
PARAMETERS: {accept | drop | any }
Waits for packet whose mask is defined above. The command will finish work when such packet is received on waitable interface. The waitable interface is interface for which strict request (accept or drop) have been specified in parameters to command or in DEFAULTS
PARAMETERS: {accept | drop | any | REVERS
PARAMETERS: not command
Request specification. May only be given in parameters for DEFAULT command. Instructs to reverse the request for every packet.
}
Defines default requests for packets. These requests will be applied when there are not enough explicitly defined requests for some packet (specified as parameters to command SEND, WAIT
PARAMETERS: {accept | drop | any }
Waits for packet whose mask is defined above. The command will finish work when such packet is received on waitable interface. The waitable interface is interface for which strict request (accept or drop) have been specified in parameters to command or in defaults (command DEFAULT). For TCP device the command will only wait data on the main interface. In the general case command may wait no one but several packets (added by ADD
PARAMETERS:
Alias of TOWAIT command.
command). If any of them is received then command terminates. Command waits packets until timeout expires (command TIMEOUT
PARAMETERS: <interval in milliseconds>
Defines the timeout for WAIT command (and its analogs), also for imitation of application's work. Null value means infinite timeout (such timeout will not be applied for imitation of application's work). In the case of negative value its absolute value will be obtained as timeout, but WAIT command (its analogs) will work differently: it will always wait for the whole timeout (not terminating on first received packet). So several packets may be registered as received. This command also defines the timeout for TCP server while waiting for connections.
). See "samples/waiting_packets.fws".
and its analogs). Initially default requests are ACCEPT ANY ANY... i.e. a single request for the first interface specified via option -d.
(command DEFAULT). For TCP DEVICE
PARAMETERS: <type of device> {<name of interface>}
Reopens interfaces. The type of device: eth, ip, tcp. The name of device is the same as for -d option, depends on the type of device. New line terminates the list of names.
the command will only wait data on the main interface. In the general case command may wait no one but several packets (added by ADD
PARAMETERS:
Alias of TOWAIT
PARAMETERS: {accept | drop | any }
Analog of WAIT command. Adds the above packet to the set of packets which will be waited by command WAIT or its analogs. This command does not start actual waiting (doesn't suspend script execution). Nevertheless, just after adding the packet may be registered as received. If some packet is registered as received before the call to WAIT (WAITALL
PARAMETERS: no parameters
The analog of WAIT command. Doesn't add the previously defined packet to the list of waited ones. Starts waiting simply. Packets may be already added by ADD
PARAMETERS:
Alias of TOWAIT command.
command (or using of UNFIX command).
) then the command will ignore it and wait for a next packet (see also SENDWAITOTHER
PARAMETERS: no parameters
Works similar to "SEND WAITALL" sentence. Purpose: make atomic operation. Without this command there would be a chance that a waited packet did not cause command WAITALL stop waiting if it was accepted after SEND but before WAITALL started waiting. However it would be registered as received in any case. This command should be always used when you need to send a request and RELIABLY receive a response on it never missing.
).
command.
command). If any of them is received then command terminates. Command waits packets until timeout expires (command TIMEOUT
PARAMETERS: <interval in milliseconds>
Defines the timeout for WAIT command (and its analogs), also for imitation of application's work. Null value means infinite timeout (such timeout will not be applied for imitation of application's work). In the case of negative value its absolute value will be obtained as timeout, but WAIT
PARAMETERS: {accept | drop | any }
Waits for packet whose mask is defined above. The command will finish work when such packet is received on waitable interface. The waitable interface is interface for which strict request (accept or drop) have been specified in parameters to command or in defaults (command DEFAULT). For TCP device the command will only wait data on the main interface. In the general case command may wait no one but several packets (added by ADD
PARAMETERS:
Alias of TOWAIT command.
command). If any of them is received then command terminates. Command waits packets until timeout expires (command TIMEOUT
PARAMETERS: <interval in milliseconds>
Defines the timeout for WAIT command (and its analogs), also for imitation of application's work. Null value means infinite timeout (such timeout will not be applied for imitation of application's work). In the case of negative value its absolute value will be obtained as timeout, but WAIT command (its analogs) will work differently: it will always wait for the whole timeout (not terminating on first received packet). So several packets may be registered as received. This command also defines the timeout for TCP server while waiting for connections.
). See "samples/waiting_packets.fws".
command (its analogs) will work differently: it will always wait for the whole timeout (not terminating on first received packet). So several packets may be registered as received. This command also defines the timeout for TCP server while waiting for connections.
). See "samples/waiting_packets.fws".
command (its analogs) will work differently: it will always wait for the whole timeout (not terminating on first received packet). So several packets may be registered as received. This command also defines the timeout for TCP server while waiting for connections.
). See "samples/waiting_packets.fws".
drop
// drop request is specified, the packet must not be recieved
 
/*   Output - the list of packets whose status doesn't correspond the requests:     Web browser was working:     Packet on line 61 (waiting_packets.fws) : accepted (sdev 0)     Web browser was not working:     Packet on line 42 (waiting_packets.fws) : droped (sdev 0)     See also -v option.  */