Wireshark has two kinds of filters: capture filters and display filters.
Capture filter syntax:
Protocol | Direction | Host(s) | Value | Logical Operations | Other expression |
Protocol:
Possible values: ether, fddi, ip, arp, rarp, decnet, lat, sca, moprc, mopdl, tcp and udp.
Direction:
Possible values: src, dst, src and dst, src or dst
Host(s):
Possible values: net, port, host, portrange.
Logical Operations:
Possible values: not, and, or.
See the official documentation:
https://wiki.wireshark.org/CaptureFilters
Common usage:
tcp or udp or ip or icmp
tcp port 80
tcp portrange 80-89
ip src host 10.0.2.1
Some special usages:
host www.baidu.com
proto \icmp (likewise udp, tcp, ip; protocol names that are also filter keywords are escaped with a backslash)
host 10.0.0.1
net 10.0.0.2
ip multicast, ip broadcast, ether multicast, ether broadcast
not broadcast, not multicast
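As an added example that is not part of these notes or of Wireshark itself, the following Python assembles capture filter expressions from the qualifier grammar above (Protocol, Direction, Host(s), value, logical operations) and checks each qualifier against the value lists. The function names (`primitive`, `ip_proto`, `combine`, `negate`, `tshark_argv`) and the default interface name are assumptions of this example; it only builds and sanity-checks the text and does not compile it with libpcap, so a bad host or network value will only surface when Wireshark or tshark applies the filter.

```python
"""Compose Wireshark capture filters (libpcap/BPF syntax) from the qualifier
grammar [Protocol] [Direction] [Host(s)] value, joined with and / or / not.
Added example, not Wireshark code; it assembles the expression text only."""
import re

# Qualifier vocabularies as listed in the notes (not a complete BPF grammar).
PROTOCOLS = {"ether", "fddi", "ip", "arp", "rarp", "decnet", "lat", "sca",
             "moprc", "mopdl", "tcp", "udp"}
DIRECTIONS = {"src", "dst", "src and dst", "src or dst"}
TYPES = {"net", "port", "host", "portrange"}
# Protocol names that are also BPF keywords must be escaped after 'proto'.
KEYWORD_PROTOCOLS = {"icmp", "tcp", "udp", "ip"}


def primitive(value, proto=None, direction=None, kind="host"):
    """One primitive, e.g. primitive(80, proto="tcp", kind="port") -> 'tcp port 80'."""
    if proto is not None and proto not in PROTOCOLS:
        raise ValueError(f"unknown protocol qualifier: {proto!r}")
    if direction is not None and direction not in DIRECTIONS:
        raise ValueError(f"unknown direction qualifier: {direction!r}")
    if kind not in TYPES:
        raise ValueError(f"unknown type qualifier: {kind!r}")
    value = str(value)
    if kind == "portrange" and not re.fullmatch(r"\d+-\d+", value):
        raise ValueError("portrange expects LOW-HIGH, e.g. 80-89")
    if kind == "port" and not re.fullmatch(r"\d+|[A-Za-z][\w-]*", value):
        raise ValueError("port expects a number or a service name")
    return " ".join(p for p in (proto, direction, kind, value) if p)


def ip_proto(name):
    """'ip proto <name>', adding the backslash that keyword names need (ip proto \\icmp)."""
    escaped = "\\" + name if name in KEYWORD_PROTOCOLS else name
    return f"ip proto {escaped}"


def combine(*terms, op="and"):
    """Join terms with one logical operator; sub-expressions using the other one get parentheses."""
    if op not in {"and", "or"}:
        raise ValueError("op must be 'and' or 'or'")
    other = "or" if op == "and" else "and"
    return f" {op} ".join(f"({t})" if f" {other} " in t else t for t in terms)


def negate(term):
    """'not <term>', parenthesising compound terms so 'not' covers all of them."""
    compound = " and " in term or " or " in term
    return f"not ({term})" if compound else f"not {term}"


def tshark_argv(capture_filter, interface="eth0"):
    """argv for tshark: -f takes a capture filter (display filters use -Y instead)."""
    return ["tshark", "-i", interface, "-f", capture_filter]


if __name__ == "__main__":
    web = combine(primitive(80, proto="tcp", kind="port"), negate("broadcast"))
    print(web)                       # tcp port 80 and not broadcast
    print(" ".join(tshark_argv(web)))
```

The `combine` helper inserts parentheses only where a sub-expression mixes operators, so `host 10.0.0.1 and (tcp or udp)` comes out as Wireshark expects; the `-f` versus `-Y` distinction in `tshark_argv` is the command-line form of the capture/display split these notes describe.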
Display filter syntax:
Protocol.String1.String2 Comparison Operator Value Logical Operations Other expression
Protocol: tcp, udp, ip, icmp, ospf, http, oicq
String: addr, src, dst, ack, ...
Logical Operations: and, or, not
This part is more involved; the display filter expressions can be seen in Wireshark itself, and it is easiest to learn this part of the syntax from practice.
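To show how a `Protocol.String1.String2 <operator> value` expression is actually applied to dissected packets, here is an added example that is not part of these notes or of Wireshark's code: a small parser and evaluator for the display filter subset above (field comparisons, bare field presence, `and`/`or`/`not`, parentheses) run over constructed sample packets. The packet layout (field name to list of occurrences), the four sample packets and all function names are assumptions of this demo. It also goes slightly beyond the notes by modelling two behaviours worth knowing: a field such as `tcp.port` occurs twice per packet and a comparison matches if any occurrence does, and a comparison against a field the packet lacks is false.

```python
"""Mini evaluator for Wireshark display filters: Protocol.String1.String2
<comparison> value, joined with and / or / not.  Added example, not Wireshark
code; the grammar subset, packet layout and sample packets are assumptions."""
import operator
import re

# Constructed sample "dissected" packets: field name -> list of occurrences.
# A bare protocol key such as "tcp" records that the layer is present.
PACKETS = [
    {"frame.number": [1], "ip": [], "ip.src": ["10.0.2.1"], "ip.addr": ["10.0.2.1", "10.0.2.2"],
     "tcp": [], "tcp.port": [50123, 80], "tcp.flags.syn": [1], "tcp.flags.ack": [0]},
    {"frame.number": [2], "ip": [], "ip.src": ["10.0.2.2"], "ip.addr": ["10.0.2.2", "10.0.2.1"],
     "tcp": [], "tcp.port": [80, 50123], "tcp.flags.syn": [1], "tcp.flags.ack": [1]},
    {"frame.number": [3], "ip": [], "ip.src": ["10.0.2.1"], "ip.addr": ["10.0.2.1", "8.8.8.8"],
     "udp": [], "udp.port": [41000, 53], "dns": []},
    {"frame.number": [4], "arp": [], "arp.opcode": [1]},
]
TOKEN_RE = re.compile(
    r"\s*(?:(==|!=|>=|<=|>|<|\(|\))"  # comparison operators and parentheses
    r"|([A-Za-z_][\w.]*)"             # field names and the keywords and/or/not
    r'|("[^"]*")'                     # quoted strings
    r"|(\d[\w.]*))")                  # numbers and IPv4 literals
COMPARISONS = {"==": operator.eq, "!=": operator.ne, ">": operator.gt,
               "<": operator.lt, ">=": operator.ge, "<=": operator.le}

def tokenize(text):
    tokens, pos, text = [], 0, text.strip()
    while pos < len(text):
        m = TOKEN_RE.match(text, pos)
        if not m: raise SyntaxError(f"bad token at {text[pos:]!r}")
        tokens.append(next(g for g in m.groups() if g is not None))
        pos = m.end()
    return tokens

def literal(tok):  # quoted -> str, digits -> int, anything else (e.g. an IPv4 address) -> str
    if tok is None: raise SyntaxError("missing value after comparison operator")
    return tok[1:-1] if tok.startswith('"') else (int(tok) if tok.isdigit() else tok)

class Parser:
    """Recursive descent with Wireshark precedence: not > and > or."""
    def __init__(self, text):
        self.toks, self.i = tokenize(text), 0
    def peek(self):
        return self.toks[self.i] if self.i < len(self.toks) else None
    def take(self):
        tok = self.peek(); self.i += 1; return tok
    def parse(self):
        node = self.or_expr()
        if self.peek() is not None: raise SyntaxError(f"unexpected token {self.peek()!r}")
        return node
    def or_expr(self):
        node = self.and_expr()
        while self.peek() == "or":
            self.take(); node = ("or", node, self.and_expr())
        return node
    def and_expr(self):
        node = self.not_expr()
        while self.peek() == "and":
            self.take(); node = ("and", node, self.not_expr())
        return node
    def not_expr(self):
        if self.peek() == "not":
            self.take(); return ("not", self.not_expr())
        return self.atom()
    def atom(self):
        tok = self.take()
        if tok == "(":
            node = self.or_expr()
            if self.take() != ")": raise SyntaxError("missing ')'")
            return node
        if tok is None or not re.fullmatch(r"[A-Za-z_][\w.]*", tok): raise SyntaxError(f"expected a field name, got {tok!r}")
        if self.peek() in COMPARISONS:
            return ("cmp", tok, self.take(), literal(self.take()))
        return ("present", tok)  # bare field or protocol name: true if it occurs

def evaluate(node, packet):
    kind = node[0]
    if kind == "present":
        return node[1] in packet
    if kind == "not":
        return not evaluate(node[1], packet)
    if kind in ("and", "or"):
        a, b = evaluate(node[1], packet), evaluate(node[2], packet)
        return (a and b) if kind == "and" else (a or b)
    _, field, op, value = node
    occurrences = packet.get(field, [])
    if not occurrences:
        return False  # comparing against an absent field is always false
    try:
        if op == "!=":  # Wireshark 3.6+: true only if *all* occurrences differ
            return all(occ != value for occ in occurrences)
        return any(COMPARISONS[op](occ, value) for occ in occurrences)
    except TypeError:
        return False  # number vs. string comparison never matches

def matching_frames(filter_text, packets=PACKETS):
    ast = Parser(filter_text).parse()
    return [p["frame.number"][0] for p in packets if evaluate(ast, p)]
```

Calling `matching_frames("ip.src == 10.0.2.1 and tcp.port == 80")` returns `[1]`; the `!=` branch follows the Wireshark 3.6+ meaning (all occurrences differ), which is why `ip.addr != 10.0.2.1` matches none of the sample packets while `not ip.addr == 10.0.2.1` matches the ARP frame that has no `ip.addr` at all.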