Magic Firewall fields
|Field Name
|Description
|The data center that is handling this traffic.
Example value:
sfo06
|Region of the data center that is handling this traffic.
Example value:
WNAM
|The raw ICMP packet as a list of bytes. It should be used in conjunction with the bit_slice function when other structured fields are lacking.
|The ICMP type. Only applies to ICMP packets.
Example value:
8
|The ICMP code. Only applies to ICMP packets.
Example value:
2
|The raw IP packet as a list of bytes. It should be used in conjunction with the bit_slice function when other structured fields are lacking.
|The destination address as specified in the IP packet.
Example value:
192.0.2.2
|Represents the 2-letter country code associated with the client IP address in ISO 3166-1 Alpha 2 format.
Example value:
GB
For more information on the ISO 3166-1 Alpha 2 format, see ISO 3166-1 Alpha 2 on Wikipedia.
This field matches on both source and destination IP addresses.
|The length of the IPv4 header in bytes.
Example value:
5
|The length of the packet including the header.
Example value:
60
|The first byte of the IP options field, if the options field is set.
Example value:
25
|The transport layer for the packet, if it can be determined.
Example values:
icmp, tcp
|The source address of the IP packet.
|The time-to-live of the IP packet.
Example value:
54
|Determines whether packets are valid SIP (an L7 protocol). Requires UDP packets to operate.
Use a guard clause, as shown below in wirefilter syntax, to ensure the packet is UDP:
ip.proto == "udp"
|The raw TCP packet as a list of bytes. It should be used in conjunction with the bit_slice function when other structured fields are lacking.
|The numeric value of the TCP flags byte.
|TCP acknowledgment flag.
|TCP congestion window reduced flag.
|TCP ECN-Echo flag.
|TCP flag indicating this is the last packet from sender.
|TCP push flag.
|TCP reset flag.
|TCP synchronize flag.
|TCP urgent flag.
|Source port number of the IP packet. Only applies to TCP packets.
|Destination port number of the IP packet. Only applies to TCP packets.
|The raw UDP packet as a list of bytes. It should be used in conjunction with the bit_slice function when other structured fields are lacking.
|Destination port number of the IP packet. Only applies to UDP packets.
|Source port number of the IP packet. Only applies to UDP packets.
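The following is an added example, not part of the original page or of Cloudflare's code. It shows how the numeric TCP flags byte, the individual flag fields and the port fields described above all derive from bit ranges of the raw TCP packet. The helper names (`slice_bits`, `decode_tcp`, `build_tcp`), the result keys and the sample segments are constructed for illustration; `slice_bits` is a local stand-in and makes no claim about the signature of the rule language's bit_slice function.

```python
import struct

# Bit masks within the TCP flags byte (byte 13 of the TCP header).
TCP_FLAGS = {"cwr": 0x80, "ece": 0x40, "urg": 0x20, "ack": 0x10,
             "psh": 0x08, "rst": 0x04, "syn": 0x02, "fin": 0x01}

def slice_bits(raw: bytes, start: int, end: int) -> int:
    """Hypothetical helper: bits [start, end) of raw as an unsigned int.

    Bit 0 is the most significant bit of the first byte (network order).
    """
    total = len(raw) * 8
    if not 0 <= start < end <= total:
        raise ValueError(f"bit range {start}:{end} outside {total}-bit packet")
    shifted = int.from_bytes(raw, "big") >> (total - end)
    return shifted & ((1 << (end - start)) - 1)

def decode_tcp(raw: bytes) -> dict:
    """Derive the structured values from a raw TCP segment."""
    if len(raw) < 20:
        # Shorter than the fixed header: the flags byte cannot be trusted.
        raise ValueError("truncated TCP header")
    flags = slice_bits(raw, 104, 112)  # byte 13
    out = {
        "srcport": slice_bits(raw, 0, 16),
        "dstport": slice_bits(raw, 16, 32),
        "flags": flags,
    }
    out.update({name: bool(flags & mask) for name, mask in TCP_FLAGS.items()})
    return out

def build_tcp(srcport: int, dstport: int, flags: int) -> bytes:
    """Constructed sample segment: 20-byte header, no options, no payload."""
    return struct.pack("!HHIIBBHHH", srcport, dstport,
                       1, 0, 5 << 4, flags, 64240, 0, 0)

SYN = build_tcp(51514, 443, 0x02)       # constructed sample
SYN_ACK = build_tcp(443, 51514, 0x12)   # constructed sample

if __name__ == "__main__":
    for segment in (SYN, SYN_ACK):
        print(decode_tcp(segment))
```
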