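ip.addr == 192.168.1.1   // show all packets whose source or destination address is 192.168.1.1
ip.dst == 192.168.1.1    // show packets whose destination address is 192.168.1.1
ip.src == 192.168.1.1    // show packets whose source address is 192.168.1.1

eth.addr == 80:f6:2e:ce:3f:00   // filter by MAC address; see "Wireshark filtering by MAC address / physical address"

ip.src==   // network filter: filter a subnet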


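Capture filters are set in Capture Options before the capture starts. Only packets that match the condition are captured, which avoids large capture files and high memory usage, but the network environment during the test cannot be fully reproduced afterwards.

host 192.168.1.1        // capture all packets received and sent by 192.168.1.1
src host 192.168.1.1    // source address: all packets it sends
dst host 192.168.1.1    // destination address: all packets it receives

src host hostname    // filter by host name

ether host 80:05:09:03:E4:35    // filter by MAC address

net 192.168.1    // network filter: filter an entire subnet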
src net 192.168
dst net 192


NOT: ! or "not" (without the double quotes)
AND: && or "and"
OR: || or "or"


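Capture all TCP traffic whose destination address is 192.168.1.2 or 192.168.1.3 and whose port is 80

(tcp port 80) and ((dst host 192.168.1.2) or (dst host 192.168.1.3))   // capture filter

tcp.port==80&&(ip.dst==192.168.1.2||ip.dst==192.168.1.3)    // display filter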

Capture all ICMP traffic whose destination MAC address is 80:05:09:03:E4:35

(icmp) and ((ether dst host 80:05:09:03:E4:35))

icmp && eth.dst==80:05:09:03:E4:35

Capture all TCP traffic whose destination network is 192.168 but whose destination host is not 192.168.1.2

(tcp) and ((dst net 192.168) and (not dst host 192.168.1.2))


Capture traffic between host 192.168.1.1 and host 192.168.1.2 or 192.168.1.3

host 192.168.1.1 and (192.168.1.2 or 192.168.1.3)



host and !


Capture telnet packets received or sent by host 192.168.1.1; telnet uses TCP port 23

tcp port 23 and host 192.168.1.1
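
Added example (not part of the original post, and not libpcap's code): a small Python evaluator for the subset of capture-filter syntax used above. It shows two behaviours the one-line filters do not spell out: a bare address reuses the preceding qualifier, and "and"/"or" have equal precedence and group left to right. The packet dictionaries and the names `compile_filter` and `matching` are constructed for illustration; `ether` primitives are not covered.

```python
import re

PROTOS = {"tcp", "udp", "icmp"}
SAMPLE = [  # constructed packets, not taken from a capture
    {"proto": "tcp", "src": "10.0.0.5", "dst": "192.168.1.2", "sport": 40000, "dport": 80},
    {"proto": "tcp", "src": "192.168.1.1", "dst": "192.168.1.3", "sport": 40001, "dport": 23},
    {"proto": "icmp", "src": "10.0.0.5", "dst": "192.168.1.9", "sport": None, "dport": None},
]

def in_net(addr, prefix):  # "net 192.168" = any address starting 192.168; a host is the 4-octet case
    octets = prefix.split(".")
    return addr.split(".")[:len(octets)] == octets

def addr_test(direction, value):
    fields = [direction] if direction else ["src", "dst"]
    return lambda pkt: any(in_net(pkt[f], value) for f in fields)

def compile_filter(expr):
    toks = re.findall(r"[()!]|&&|\|\||[^\s()!&|]+", expr)
    last = [""]  # direction ("", "src" or "dst") that a bare address inherits
    def primitive():
        tok = toks.pop(0)
        if tok in ("not", "!"):  # negation binds tightest
            return (lambda inner: lambda pkt: not inner(pkt))(primitive())
        if tok == "(":
            inner, _ = expression(), toks.pop(0)  # second pop drops the closing ")"
            return inner
        if tok in PROTOS and toks[:1] == ["port"]:
            _, port = toks.pop(0), int(toks.pop(0))
            return lambda pkt: pkt["proto"] == tok and port in (pkt["sport"], pkt["dport"])
        if tok in PROTOS:
            return lambda pkt: pkt["proto"] == tok
        direction = tok if tok in ("src", "dst") else ""
        tok = toks.pop(0) if direction else tok
        if tok in ("host", "net"):
            last[0] = direction
            return addr_test(direction, toks.pop(0))
        return addr_test(last[0], tok)  # bare address: reuse the last qualifier
    def expression():
        left = primitive()
        while toks and toks[0] in ("and", "&&", "or", "||"):  # equal precedence, left to right
            join, a, b = (all if toks.pop(0) in ("and", "&&") else any), left, primitive()
            left = lambda pkt, join=join, a=a, b=b: join((a(pkt), b(pkt)))
        return left
    return expression()

def matching(expr, packets=SAMPLE):
    return list(filter(compile_filter(expr), packets))
```

Because of the equal precedence, `icmp or tcp and dst host 192.168.1.2` is read as `(icmp or tcp) and dst host 192.168.1.2`, so the ICMP sample packet to 192.168.1.9 is not kept; use parentheses whenever a filter mixes "and" and "or".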

