Network

【Network】Wireshark 常用过滤命令

Posted by 西维蜀黍 on 2017-06-04, Last Modified on 2024-09-18

过滤规则

基于协议的过滤规则

链路层

  • 以太网:eth

网络层

  • IP(网际协议) :ip
  • ICMP(Internet互联网控制报文协议):icmp
  • IGMP(Internet组织管理协议):igmp
  • ARP(地址解析协议):arp

传输层

  • TCP(传输控制协议):tcp
  • UDP(用户数据报协议):udp

应用层

  • HTTP(HyperText Transfer Protocol,超文本传输协议):http
  • DHCP(Dynamic Host Configuration Protocol,动态主机配置协议):bootp
  • DNS(Domain Name System,域名服务协议):dns
  • FTP(File Transfer Protocol,文件传输协议)-ftp
  • SMTP(Simple Mail Transfer ProtocolSimple Mail Transfer Protocol,简单邮件传输协议)-smtp
  • POP3(Post Office Protocol - Version 3,邮局协议版本3)-pop3
  • SSL(Secure Sockets Layer 安全套接层Secure Sockets Layer 安全套接层):ssl

基于特定规则的过滤

基于IP

  • 来源IP ip.src == 192.168.1.107
  • 目标IP ip.dst == 192.168.1.107

基于MAC地址

  • 目标MAC eth.dst == A0: 00: 00: 04: C5: 84
  • 来源MAC eth.src == A0: 00: 00: 04: C5: 84

基于端口

  • 源端口和目的端口都为80:tcp.port==80
  • 源端口:tcp.srcport==80
  • 目的端口:tcp.dstport==80

基于HTTP

  • 以Request的 Host Header作为过滤条件:http.host contains csdn
  • 以Request的 Method Header作为过滤条件:http.request.method=="GET" or http.request.method=="POST"
  • 以Request的 URL作为过滤条件:http.request.uri == "/img/logo-edu.gif"

符号使用

连接符

and(&&)

过滤ip为192.168.101.8并且为 HTTP 协议的包:ip.src==192.168.101.8 and http

or(||)

过滤源IP或者目标IP等于某个IP:ip.src == 192.168.1.107 or ip.dst == 192.168.1.107

not(!)

排除某种协议的数据包:not tcp

in

过滤只使用某些范围内的端口:tcp.port in {80 443}

参考:https://www.wireshark.org/docs/wsug_html_chunked/ChWorkBuildDisplayFilterSection.html

比较符

==

IP为10.0.0.5:ip.src==10.0.0.5

)!=

IP不等于10.0.0.5:ip.src!=10.0.0.5

>

包长度大于10:frame.len > 10

<

包长度小于10:frame.len < 128

contains

HTTP中包括“sogou”关键字:http contains "sogou"

参考:https://www.wireshark.org/docs/wsug_html_chunked/ChWorkBuildDisplayFilterSection.html

Reference

FEATURED TAGS
algorithm algorithmproblem architecturalpattern architecture aws c# cachesystem codis compile concurrentcontrol database dataformat datastructure debug design designpattern distributedsystem django docker domain engineering freebsd git golang grafana hackintosh hadoop hardware hexo http hugo ios iot java javaee javascript kafka kubernetes linux linuxcommand linuxio lock macos markdown microservices mysql nas network networkprogramming nginx node.js npm oop openwrt operatingsystem padavan performance programming prometheus protobuf python redis router security shell software testing spring sql systemdesign truenas ubuntu vmware vpn windows wmware wordpress xml zookeeper
FRIENDS

TOC