2025-09-24 Update From: SLTechnology News&Howtos shulou
Shulou(Shulou.com)06/02 Report--
This article introduces the Wireshark filtering rules in detail, as a reference.
Wireshark filtering rules: 1. IP filtering, where the source IP or destination IP equals a given IP; 2. port filtering; 3. protocol filtering (tcp); 4. packet length filtering; 5. HTTP mode filtering.
Wireshark filtering rules:
1. IP filtering: the source IP or destination IP equals a given IP
For example:
ip.src==192.168.0.208 or ip.src eq 192.168.0.208 // shows packets with this source IP
ip.dst==192.168.0.208 or ip.dst eq 192.168.0.208 // shows packets with this destination IP
2. Port filtering:
For example:
tcp.port eq 80 // matches regardless of whether the port is source or destination
tcp.port == 80
tcp.port eq 2722
tcp.port eq 80 or udp.port eq 80
tcp.dstport == 80 // shows only packets whose tcp destination port is 80
tcp.srcport == 80 // shows only packets whose tcp source port is 80
Filter Port ran
Tcp.port > = 1 and tcp.port = 7 refers to the ip packet (the piece of data under the tcp), excluding the tcp itself
ip.len == 94 // everything except the fixed Ethernet header length of 14 counts as ip.len, that is, from the IP header itself to the end
frame.len == 119 // entire packet length, from eth to the end
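What these fields measure at the byte level, as an added example that is not part of the original article: the Python below builds a constructed Ethernet/IPv4/TCP frame and derives the values that frame.len, ip.len, ip.src/ip.dst and the tcp port fields would hold for it. The helper names, the peer address 192.168.0.10 and the client port 50000 are assumptions made for the illustration.

```python
import socket
import struct

ETH_HDR_LEN = 14  # fixed Ethernet II header: dst MAC, src MAC, EtherType

def build_frame(src_ip, dst_ip, sport, dport, payload):
    """Constructed sample: Ethernet II / IPv4 / TCP frame (checksums left at 0)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
    total_len = 20 + len(tcp) + len(payload)          # IP header to end of packet
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    eth = bytes(6) + bytes(6) + struct.pack("!H", 0x0800)
    return eth + ip + tcp + payload

def dissect(frame):
    """Return the values the page's display-filter fields would hold."""
    ip = frame[ETH_HDR_LEN:]
    ihl = (ip[0] & 0x0F) * 4                          # IPv4 header length in bytes
    sport, dport = struct.unpack("!HH", ip[ihl:ihl + 4])
    return {
        "frame.len": len(frame),                      # from eth to the end
        "ip.len": struct.unpack("!H", ip[2:4])[0],    # from the IP header to the end
        "ip.src": socket.inet_ntoa(ip[12:16]),
        "ip.dst": socket.inet_ntoa(ip[16:20]),
        "tcp.srcport": sport,
        "tcp.dstport": dport,
    }

def tcp_port_eq(f, port):
    """tcp.port == N is true when either the source or destination port is N."""
    return port in (f["tcp.srcport"], f["tcp.dstport"])

# Constructed HTTP response going from a server on port 80 back to a client.
SAMPLE = build_frame("192.168.0.208", "192.168.0.10", 80, 50000,
                     b"HTTP/1.1 200 OK\r\n")
FIELDS = dissect(SAMPLE)

if __name__ == "__main__":
    for name, value in FIELDS.items():
        print(f"{name:12} {value}")
    print("tcp.port == 80    ->", tcp_port_eq(FIELDS, 80))
    print("tcp.dstport == 80 ->", FIELDS["tcp.dstport"] == 80)
    print("tcp.srcport == 80 ->", FIELDS["tcp.srcport"] == 80)
```

For this server-to-client packet, tcp.port == 80 and tcp.srcport == 80 match while tcp.dstport == 80 does not, which is why a capture filtered only on tcp.dstport shows one direction of a conversation.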
5. HTTP mode filtering:
Example:
http.request.method == "GET"
http.request.method == "POST"
http.request.uri == "/img/logo-edu.gif"
http contains "GET"
http contains "HTTP/1."
// GET packet contains a header field
http.request.method == "GET" && http contains "Host:"
http.request.method == "GET" && http contains "User-Agent:"
// POST packet contains a header field
http.request.method == "POST" && http contains "Host:"
http.request.method == "POST" && http contains "User-Agent:"
// the response packet contains a header field
http contains "HTTP/1.1 200 OK" && http contains "Content-Type:"
http contains "HTTP/1.0 200 OK" && http contains "Content-Type:"
6. The connectors and / or
Expression: !(arp.src.proto_ipv4==192.168.1.1) and !(arp.dst.proto_ipv4==192.168.1.243)
expert.message is used to filter on the info information, mainly in conjunction with contains.