Show only a specified port
tcp.port==9999
tcp.dstport==9999
tcp.srcport==80
Network address filtering
ip.addr==192.168.101.8
ip.dst==192.168.101.8
ip.src==1.1.1.1
Combined filters
ip.addr == 192.168.91.1 and tcp.port==9999
ip.addr == 192.168.91.1 or tcp.port==9999
ip.dst_host==192.168.91.1 and tcp.dstport==9999
not arp and !(tcp.port == 3389)
Comparison and logical expressions
==, <=, >=, ||
!= (exclusion; has no effect in older versions)
tcp.port != 8080
ip.addr == 192.168.8.99 and tcp.port<=9999
Protocol filtering
Type the protocol name directly into the filter box
http
tcp
udp
HTTP method filtering
http.request.method=="GET"
http.request.method=="POST" and http
HTTP response status code
http.response.code==302
Requested URI
http.request.uri=="/admin/1.jpg"
Full URL including the domain name
http.request.full_uri=="http://9.9.9.9/linux/PuTTY.exe"
Server field in the HTTP header contains the string nginx
http.server contains "nginx"