Get raw text for this example (you can click any command below to see its doc) 
CLEARHISTORY
   
PARAMETERS: no parameters


Clears info about the maximum size of previous packets. New packet may be smaller than previous ones. This command also makes all auto-calculated values inactive.




    
// indicates the start of the new sequence of packets (with initial size = 0)

CLEARMASK
   
PARAMETERS: no parameters


The mask of packet (the set of previously defined conditions) will be cleared. New mask will correspond to any packet. This command is usually contained in headers to make the mask correspond to all packets of given type (ex: TCP packets).





POS
   
PARAMETERS: <new position> | <field's name>


Sets the <new position> of byte pointer. In the case of <field's name> new position will be equal to field's position.




 0


// filling the minimal ethernet header



// MAC address of destination

.dstmac    22-22-22-22-22-22
dstmac    0x222222222222  
// correct as well

dstmac    222222222222    
// correct as well



// MAC address of source

.srcmac    11:11:11:11:11:11


// code of higher level protocol

.ethproto  0x0800

DEFINE
   
PARAMETERS: <name> <value>


Defines the substitution which will be applied while reading some values (in parameters to commands and others). <name> will be replaced by <value>. This substitution may be also performed in strings enclosed in apostrophes. In this case the <name> must be enclosed in $ (ex: 'value = $name$'. See also command GDEF
   
PARAMETERS: <new name> <original name>


Defines the substitution which will be applied while reading almost any read word from text. <New name> will be replaced by <original name>. This substitution may be also performed in strings enclosed in apostrophes. In this case the name must be enclosed in $ (ex: 'value = $name$').




.




 ip  0x0800
DEFINE
   
PARAMETERS: <name> <value>


Defines the substitution which will be applied while reading some values (in parameters to commands and others). <name> will be replaced by <value>. This substitution may be also performed in strings enclosed in apostrophes. In this case the <name> must be enclosed in $ (ex: 'value = $name$'. See also command GDEF
   
PARAMETERS: <new name> <original name>


Defines the substitution which will be applied while reading almost any read word from text. <New name> will be replaced by <original name>. This substitution may be also performed in strings enclosed in apostrophes. In this case the name must be enclosed in $ (ex: 'value = $name$').




.




 arp 0x0806
DEFINE
   
PARAMETERS: <name> <value>


Defines the substitution which will be applied while reading some values (in parameters to commands and others). <name> will be replaced by <value>. This substitution may be also performed in strings enclosed in apostrophes. In this case the <name> must be enclosed in $ (ex: 'value = $name$'. See also command GDEF
   
PARAMETERS: <new name> <original name>


Defines the substitution which will be applied while reading almost any read word from text. <New name> will be replaced by <original name>. This substitution may be also performed in strings enclosed in apostrophes. In this case the name must be enclosed in $ (ex: 'value = $name$').




.




 vlan 0x8100
DEFINE
   
PARAMETERS: <name> <value>


Defines the substitution which will be applied while reading some values (in parameters to commands and others). <name> will be replaced by <value>. This substitution may be also performed in strings enclosed in apostrophes. In this case the <name> must be enclosed in $ (ex: 'value = $name$'. See also command GDEF
   
PARAMETERS: <new name> <original name>


Defines the substitution which will be applied while reading almost any read word from text. <New name> will be replaced by <original name>. This substitution may be also performed in strings enclosed in apostrophes. In this case the name must be enclosed in $ (ex: 'value = $name$').




.




 ip6 0x86dd