Wireshark HTTP filter 参考

HTTP 过滤规则

• http.accept String
• http.accept_encoding String
• http.accept_language String
• http.authbasic String
• http.authorization String
• http.cache_control String
• http.connection String
• http.content_encoding String
• http.content_length Unsigned 32-bit integer
• http.content_type String
• http.cookie String
• http.date String
• http.host String
• http.last_modified String
• http.location String
• http.notification Boolean
• http.proxy_authenticate String
• http.proxy_authorization String
• http.referer String
• http.request Boolean
• http.request.method String
• http.request.uri String
• http.request.version String
• http.response Boolean
• http.response.code Unsigned 16-bit integer
• http.server String
• http.set_cookie String
• http.transfer_encoding String
• http.user_agent String
• http.www_authenticate String
• http.x_forwarded_for String

所有 HTTP 流量

http

所有 flash视频相关

http.request.uri contains "flv" or http.request.uri contains "swf" or http.content_type contains "flash" or http.content_type contains "video"

Show non-google cache-control

http.cache_control != "private, x-gzip-ok="""

or

(((((http.cache_control != "private, x-gzip-ok=""") && !(http.cache_control == "no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private")) && !(http.cache_control == "max-age=0, no-store")) && !(http.cache_control == "private")) && !(http.cache_control == "no-cache")) && !(http.cache_control == "no-transform")

http返回代码过滤

#404: page not found
http.response.code == 404

#200: OK
http.response.code == 200

http方法

http.request.method == "POST" || http.request.method == "PUT"

文件类型 "text"

http.content_type[0:4] == "text"

包含 javascript

http.content_type contains "javascript"

http内容是"image/(gif|jpeg|png|etc)"

http.content_type[0:5] == "image"

http 内容是 "image/gif"

http.content_type == "image/gif"

要仅显示HTTP的头部而不显示内容

http.response !=0 || http.request.method != "TRACE"