Capturing packets for a specific IP address in Wireshark

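Display filters: showing only packets to or from a specific IP in Wireshark

With display filtering every packet is still captured and the filter only controls what is shown, so the network environment at test time can be reproduced completely, at the cost of larger capture files and higher memory usage.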

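ip.addr==192.168.1.1 // show all packets whose source or destination address is 192.168.1.1
ip.dst==192.168.1.1 // show packets whose destination address is 192.168.1.1
ip.src==192.168.1.1 // show packets whose source address is 192.168.1.1

eth.addr==80:f6:2e:ce:3f:00   // filter by MAC address; see "Filtering by MAC address/physical address in Wireshark"

ip.src==192.168.0.0/16   // network filter: matches every source address in the subnet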

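Capture filters: capturing only packets to or from a specific IP in Wireshark

Capture filters are set in Capture Options before the capture starts, and only packets that match are recorded. This avoids large capture files and high memory usage, but the network environment at test time cannot be reproduced completely, because packets that did not match were never saved.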

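host 192.168.1.1      // capture all packets received or sent by 192.168.1.1
src host 192.168.1.1    // source address: all packets sent by 192.168.1.1
dst host 192.168.1.1    // destination address: all packets received by 192.168.1.1

src host hostname    // filter by host name

ether host 80:05:09:03:E4:35    // filter by MAC address

net 192.168.1    // network filter: matches the whole subnet (192.168.1.0/24)
src net 192.168    // source address in 192.168.0.0/16
dst net 192    // destination address in 192.0.0.0/8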

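Combining conditions with NOT/AND/OR gives more precise captures:

NOT: ! or "not" (without the quotation marks)
AND: && or "and"
OR: || or "or"

Examples of filtering packets sent or received by specific IPs in Wireshark: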

Capture all TCP traffic on port 80 whose destination address is 192.168.1.2 or 192.168.1.3

(tcp port 80) and ((dst host 192.168.1.2) or (dst host 192.168.1.3))   // capture filter

tcp.port==80&&(ip.dst==192.168.1.2||ip.dst==192.168.1.3)    // display filter

Capture all ICMP traffic whose destination MAC address is 80:05:09:03:E4:35

(icmp) and ((ether dst host 80:05:09:03:E4:35))

icmp && eth.dst==80:05:09:03:E4:35

Capture all TCP traffic whose destination network is 192.168 but whose destination host is not 192.168.1.2

(tcp) and ((dst net 192.168) and (not dst host 192.168.1.2))

tcp&&ip.dst==192.168.0.0/16&&!(ip.dst==192.168.1.2)

Capture traffic between host 192.168.1.1 and host 192.168.1.2 or 192.168.1.3

host 192.168.1.1 and  (192.168.1.2 or 192.168.1.3 )

ip.addr==192.168.1.1&&(ip.addr==192.168.1.2||ip.addr==192.168.1.3)

Capture the packets host 192.168.1.1 exchanges with every host except 192.168.1.2

host 192.168.1.1 and ! 192.168.1.2

ip.addr==192.168.1.1&&!(ip.addr==192.168.1.2)

Capture telnet packets received or sent by host 192.168.1.1 (telnet uses TCP port 23)

tcp port 23 and host 192.168.1.1

tcp.port==23&&ip.addr==192.168.1.1
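
The capture-filter and display-filter pairs above follow a regular mapping. As an added example (not part of the original post), the Python function below translates the capture-filter subset used on this page into the matching display filter, including the implied masks of the short "net" form and the rule that a bare address reuses the most recent qualifier. The names to_display_filter and net_to_cidr are hypothetical; the output adds spaces and keeps the input's parentheses, which does not change its meaning.

```python
import ipaddress
import re

# Added illustration: handles host/net/port, src/dst, ether, tcp/udp/icmp, and/or/not.
OPS = {"and": "&&", "&&": "&&", "or": "||", "||": "||", "not": "!", "!": "!"}
PREFIX = {1: 8, 2: 16, 3: 24, 4: 32}  # octets written after "net" -> prefix length
ADDR = {None: "addr", "src": "src", "dst": "dst"}
PORT = {None: "port", "src": "srcport", "dst": "dstport"}

def net_to_cidr(net):
    """Expand pcap's short network form, e.g. '192.168' -> '192.168.0.0/16'."""
    octets = net.split(".")
    padded = ".".join(octets + ["0"] * (4 - len(octets)))
    return str(ipaddress.ip_network(f"{padded}/{PREFIX[len(octets)]}"))

def to_display_filter(capture_filter):
    """Translate a capture filter into an equivalent Wireshark display filter."""
    tokens = re.findall(r"\(|\)|!|&&|\|\||[^\s()!&|]+", capture_filter)
    out, negate = [], False
    kind, layer, proto, direction = "host", "ip", None, None  # qualifiers in force
    nlayer, nproto, ndir = "ip", None, None                   # qualifiers being read
    for i, tok in enumerate(tokens):
        low, ahead = tok.lower(), [t.lower() for t in tokens[i + 1:i + 3]] + [""] * 2
        port_next = ahead[0] == "port" or (ahead[0] in ADDR and ahead[1] == "port")
        if low in OPS or tok in ("(", ")"):
            out.append(OPS.get(low, tok))
            negate = out[-1] == "!"
        elif low in ("src", "dst"):
            ndir = low
        elif low == "ether":
            nlayer = "eth"
        elif low in ("host", "net", "port"):
            kind, layer, proto, direction = low, nlayer, nproto, ndir
            nlayer, nproto, ndir = "ip", None, None
        elif low in ("tcp", "udp") and port_next:
            nproto = low
        else:
            if low in ("tcp", "udp", "icmp"):
                prim = low  # bare protocol test
            elif kind == "port":  # no protocol given means TCP or UDP
                names = [proto] if proto else ["tcp", "udp"]
                prim = " || ".join(f"{p}.{PORT[direction]}=={tok}" for p in names)
            elif kind == "net":
                prim = f"ip.{ADDR[direction]}=={net_to_cidr(tok)}"
            else:  # host or MAC; a bare value reuses the most recent qualifiers
                prim = f"{layer}.{ADDR[direction]}=={tok}"
            out.append(f"({prim})" if negate or " || " in prim else prim)
            negate = False
    return " ".join(out).replace("( ", "(").replace(" )", ")").replace("! ", "!")
```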
