Merge pull request #92 from jtpereyda/tcpdump

Add tcpdump.cfg

rainbow/config/builtin/tcpdump.cfg

@@ -0,0 +1,36 @@
+[filters]
+# IPv4 address+port:
+reset-all-after: (\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,5}|\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})
+magenta-before: \d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}
+blue-after: \d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\.
+reset-after: \d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}
+
+# MAC address:
+yellow: ([0-9a-f]{2}\:){5}[0-9a-f]{2}
+
+# TCP/UDP flags:
+# 1.  TCP Flags
+# 2.  UDP indicator
+# 3.  UDP indicator with checksum indicator
+#         Note: Bare "[udp sum ok]" is highlighted because tcpdump will
+#         sometimes omit the "UDP"
+cyan: (?<=Flags )\[[SP\.RFU]+\]
+      (?<=\: )UDP
+      (?<=\: )\[udp sum ok\]( UDP)?
+
+# error conditions (UDP, TCP, IPv4):
+red: (?<=\: )\[bad udp cksum.*?\]
+     cksum \S+ \(incorrect.*?\)
+     bad cksum .*?!
+
+# Network-layer Description (e.g. "IP")
+# 1.  With -e flag
+# 2.  With -e flag where no link layer addresses exist (e.g. VPN interface)
+# 3.  Without -e flag
+bold: (?<=ethertype )\S+ \S+(?=,)
+      (?<=^\d{2}\:\d{2}\:\d{2}\.\d{6} AF )[^\s\:]+\s
+      (?<=^\d{2}\:\d{2}\:\d{2}\.\d{6} )[^\s\:]+\s
+
+# Time stamp:
+faint: \d{2}\:\d{2}\:\d{2}\.\d{6}
+