Network

【Network】Wireshark 常用过滤命令

Posted by 西维蜀黍 on 2017-06-04, Last Modified on 2024-09-18

过滤规则

基于协议的过滤规则

链路层

  • 以太网:eth

网络层

  • IP(网际协议) :ip
  • ICMP(Internet 互联网控制报文协议):icmp
  • IGMP(Internet 组织管理协议):igmp
  • ARP(地址解析协议):arp

传输层

  • TCP(传输控制协议):tcp
  • UDP(用户数据报协议):udp

应用层

  • HTTP(HyperText Transfer Protocol,超文本传输协议):http
  • DHCP(Dynamic Host Configuration Protocol,动态主机配置协议):bootp
  • DNS(Domain Name System,域名服务协议):dns
  • FTP(File Transfer Protocol,文件传输协议)-ftp
  • SMTP(Simple Mail Transfer ProtocolSimple Mail Transfer Protocol,简单邮件传输协议)-smtp
  • POP3(Post Office Protocol - Version 3,邮局协议版本 3)-pop3
  • SSL(Secure Sockets Layer 安全套接层 Secure Sockets Layer 安全套接层):ssl

基于特定规则的过滤

基于 IP

  • 来源 IP ip.src == 192.168.1.107
  • 目标 IP ip.dst == 192.168.1.107

基于 MAC 地址

  • 目标 MAC eth.dst == A0: 00: 00: 04: C5: 84
  • 来源 MAC eth.src == A0: 00: 00: 04: C5: 84

基于端口

  • 源端口和目的端口都为 80:tcp.port==80
  • 源端口:tcp.srcport==80
  • 目的端口:tcp.dstport==80

基于 HTTP

  • 以 Request 的 Host Header 作为过滤条件:http.host contains csdn
  • 以 Request 的 Method Header 作为过滤条件:http.request.method=="GET" or http.request.method=="POST"
  • 以 Request 的 URL 作为过滤条件:http.request.uri == "/img/logo-edu.gif"

符号使用

连接符

and(&&)

过滤 ip 为 192.168.101.8 并且为 HTTP 协议的包:ip.src==192.168.101.8 and http

or(||)

过滤源 IP 或者目标 IP 等于某个 IP:ip.src == 192.168.1.107 or ip.dst == 192.168.1.107

not(!)

排除某种协议的数据包:not tcp

in

过滤只使用某些范围内的端口:tcp.port in {80 443}

参考:https://www.wireshark.org/docs/wsug_html_chunked/ChWorkBuildDisplayFilterSection.html

比较符

==

IP 为 10.0.0.5:ip.src==10.0.0.5

)!=

IP 不等于 10.0.0.5:ip.src!=10.0.0.5

>

包长度大于 10:frame.len > 10

<

包长度小于 10:frame.len < 128

contains

HTTP 中包括 “sogou” 关键字:http contains "sogou"

参考:https://www.wireshark.org/docs/wsug_html_chunked/ChWorkBuildDisplayFilterSection.html

Reference

FEATURED TAGS
algorithm algorithmproblem architecturalpattern architecture aws c# cachesystem codis compile concurrentcontrol database dataformat datastructure debug design designpattern distributedsystem django docker domain engineering freebsd git golang grafana hackintosh hadoop hardware hexo http hugo ios iot java javaee javascript kafka kubernetes linux linuxcommand linuxio lock macos markdown microservices mysql nas network networkprogramming nginx node.js npm oop openwrt operatingsystem padavan performance programming prometheus protobuf python redis router security shell software testing spring sql systemdesign truenas ubuntu vmware vpn windows wmware wordpress xml zookeeper
FRIENDS

TOC