Explanation of MikroTik Layer 2 Firewall Pattern Matchers

This entry was posted in Firewall MikroTik VLANs on by

 

Slide1

Slide2

Slide3

Slide4

Slide5

Slide6

Slide7

Slide8

Slide9

Slide10

Slide11

Slide12

Slide13

Slide14

Slide15

Slide16

Slide17

Slide18

Slide19

Slide20

Slide21

Slide22

Slide23

Slide24

Slide25

Slide26

Slide27

Slide28

Slide29

Slide30

Slide31

Slide32

 

 

Ethernet Frame

MAC Addresses

Logical Link Control (802.2)

ARP Wikipedia Page

 

EtherType Table

EtherType Protocol
0x0004 802.2 Frames
0x0800 Internet Protocol version 4 (IPv4)
0x0806 Address Resolution Protocol (ARP)
0x0842 Wake-on-LAN
0x22F3 IETF TRILL Protocol
0x22EA Stream Reservation Protocol
0x6003 DECnet Phase IV
0x8035 Reverse Address Resolution Protocol
0x809B AppleTalk (Ethertalk)
0x80F3 AppleTalk Address Resolution Protocol (AARP)
0x8100 VLAN-tagged frame (IEEE 802.1Q) and Shortest Path Bridging
0x8137 IPX
0x8204 QNX Qnet
0x86DD Internet Protocol Version 6 (IPv6)
0x8808 Ethernet flow control
0x8809 Ethernet Slow Protocols such as the Link Aggregation Control Protocol
0x8819 CobraNet
0x8847 MPLS unicast
0x8848 MPLS multicast
0x8863 PPPoE Discovery Stage
0x8864 PPPoE Session Stage
0x886D Intel Advanced Networking Services [12]
0x8870 Jumbo Frames (Obsoleted draft-ietf-isis-ext-eth-01)
0x887B HomePlug 1.0 MME
0x888E EAP over LAN (IEEE 802.1X)
0x8892 PROFINET Protocol
0x889A HyperSCSI (SCSI over Ethernet)
0x88A2 ATA over Ethernet
0x88A4 EtherCAT Protocol
0x88A8 Provider Bridging (IEEE 802.1ad) & Shortest Path Bridging IEEE 802.1aq
0x88AB Ethernet Powerlink
0x88B8 GOOSE (Generic Object Oriented Substation event)
0x88B9 GSE (Generic Substation Events) Management Services
0x88BA SV (Sampled Value Transmission)
0x88CC Link Layer Discovery Protocol (LLDP)
0x88CD SERCOS III
0x88DC WSMP, WAVE Short Message Protocol
0x88E1 HomePlug AV MME
0x88E3 Media Redundancy Protocol (IEC62439-2)
0x88E5 MAC security (IEEE 802.1AE)
0x88E7 Provider Backbone Bridges (PBB) (IEEE 802.1ah)
0x88F7 Precision Time Protocol (PTP) over Ethernet (IEEE 1588)
0x88F8 NC-SI
0x88FB Parallel Redundancy Protocol (PRP)
0x8902 IEEE 802.1ag Connectivity Fault Management (CFM) Protocol / ITU-T Recommendation Y.1731 (OAM)
0x8906 Fibre Channel over Ethernet (FCoE)
0x8914 FCoE Initialization Protocol
0x8915 RDMA over Converged Ethernet (RoCE)
0x891D TTEthernet Protocol Control Frame (TTE)
0x892F High-availability Seamless Redundancy (HSR)
0x9000 Ethernet Configuration Testing Protocol
0x9100 VLAN-tagged (IEEE 802.1Q) frame with double tagging

 

SAP Codes

Hex Meaning
0x00 Null LSAP
0x02 Individual LLC Sublayer Mgt
0x03 Group LLC Sublayer Management Function
0x04 SNA Path Control (individual)
0x05 IBM SNA Path Control (group)
0x06 Reserved for DoD IP
0x08 SNA
0x0E ProWay-LAN
0x18 Texas Instruments
0x42 IEEE 802.1 Bridge Spanning Tree Protocol
0x4E EIA-RS 511
0x5E ISI IP
0x7E ISO 8208 (X.25 over IEEE 802.2 Type LLC)
0x80 Xerox Network Systems (XNS)
0x82 BACnet/Ethernet
0x86 Nestar
0x8E ProWay-LAN (IEC 955)
0x98 ARPANET Address Resolution Protocol (ARP)
0xA6 RDE (route determination entity)
0xAA SNAP Extension Used
0xBC Banyan Vines
0xE0 Novell NetWare
0xF0 IBM NetBIOS
0xF4 IBM LAN Management (individual)
0xF8 IBM Remote Program Load (RPL)
0xFA Ungermann-Bass
0xFE OSI protocols ISO CLNS IS 8473

 

ARP Operation Codes

Number 
Operation Code (op) 
References 
0 Reserved [RFC5494]
1 REQUEST [RFC826][RFC5227]
2 REPLY [RFC826][RFC5227]
3 request Reverse [RFC903]
4 reply Reverse [RFC903]
5 DRARP-Request [RFC1931]
6 DRARP-Reply [RFC1931]
7 DRARP-Error [RFC1931]
8 InARP-Request [RFC2390]
9 InARP-Reply [RFC2390]
10 ARP-NAK [RFC1577]
11 MARS-Request [Grenville_Armitage]
12 MARS-Multi [Grenville_Armitage]
13 MARS-MServ [Grenville_Armitage]
14 MARS-Join [Grenville_Armitage]
15 MARS-Leave [Grenville_Armitage]
16 MARS-NAK [Grenville_Armitage]
17 MARS-Unserv [Grenville_Armitage]
18 MARS-SJoin [Grenville_Armitage]
19 MARS-SLeave [Grenville_Armitage]
20 MARS-Grouplist-Request [Grenville_Armitage]
21 MARS-Grouplist-Reply [Grenville_Armitage]
22 MARS-Redirect-Map [Grenville_Armitage]
23 MAPOS-UNARP [Mitsuru_Maruyama][RFC2176]
24 OP_EXP1 [RFC5494]
25 OP_EXP2 [RFC5494]
26-65534 Unassigned  
65535 Reserved [RFC5494]

 

ARP Hardware Codes

0 Reserved
1 Ethernet
2 Experimental Ethernet
3 Amateur Radio AX.25
4 Proteon ProNET Token Ring
5 Chaos
6 IEEE 802 Networks
7 ARCNET
8 Hyperchannel
9 Lanstar
10 Autonet Short Address
11 LocalTalk
12 LocalNet (IBM PCNet or SYTEK LocalNET)
13 Ultra link
14 SMDS
15 Frame Relay
16 Asynchronous Transmission Mode (ATM)
17 HDLC
18 Fibre Channel
19 Asynchronous Transmission Mode (ATM)
20 Serial Line
21 Asynchronous Transmission Mode (ATM)
22 MIL-STD-188-220
23 Metricom
24 IEEE 1394.1995
25 MAPOS
26 Twinaxial
27 EUI-64
28 HIPARP
29 IP and ARP over ISO 7816-3
30 ARPSec
31 IPsec tunnel
32 InfiniBand (TM)
33 TIA-102 Project 25 Common Air Interface (CAI)
34 Wiegand Interface
35 Pure IP
36 HW_EXP1
37 HFI
38-255 Unassigned
256 HW_EXP2
257 AEthernet
258-65534 Unassigned
65535 Reserved

Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.