Wireshark Display Filter Usage
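Operators
eq, ==  equal to
ne, !=  not equal to
gt, >   greater than
lt, <   less than
ge, >=  greater than or equal to
le, <=  less than or equal to
The "contains" operator tests whether the specified protocol or field contains the given content. Example: http contains "baidu.spider"
The "matches" operator tests whether the specified protocol or field matches a Perl-compatible regular expression. Example: wsp.user_agent matches "(?i)cldc"
Slice operator: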
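eth.src[0:3] == 00:00:83 # filter on the first three bytes of the Ethernet source address (the vendor part)
http.content_type[0:4] == "text"
token[0:5] ne 0.0.0.1.1
llc[0] eq aa
frame[100-199] contains "wireshark" # filter frames whose content contains "wireshark" in bytes 100-199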
[i:j] i = start_offset, j = length
[i-j] i = start_offset, j = end_offset, inclusive of both endpoints.
[i] i = start_offset, length = 1
[:j] start_offset = 0, length = j
[i:] start_offset = i, end_offset = end_of_field
Offsets can be negative:
frame[-4:4] == 0.1.2.3
frame[-4:] == 0.1.2.3
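
The slice forms listed above, as an added Python example (not Wireshark code and not from the original page): `ws_slice` is a hypothetical helper that applies the same offset rules to a bytes object, which makes it visible that `[i:j]` takes a length while `[i-j]` takes an inclusive end offset, unlike Python's own slices. The sample bytes are constructed, and raising `ValueError` for a slice that does not fit the field is a choice made for this sketch.

```python
import re


def ws_slice(field: bytes, spec: str) -> bytes:
    """Return the bytes that a Wireshark-style slice spec selects from field."""
    n = len(field)

    def norm(off: int) -> int:
        # Negative offsets count back from the end of the field.
        off = off + n if off < 0 else off
        if not 0 <= off < n:
            raise ValueError(f"offset out of range in [{spec}]")
        return off

    if m := re.fullmatch(r"(-?\d+)?:(\d+)?", spec):    # [i:j], [:j], [i:]
        start = norm(int(m.group(1))) if m.group(1) else 0
        length = int(m.group(2)) if m.group(2) else n - start
    elif m := re.fullmatch(r"(-?\d+)-(\d+)", spec):    # [i-j], inclusive end
        start = norm(int(m.group(1)))
        length = norm(int(m.group(2))) - start + 1
    elif re.fullmatch(r"-?\d+", spec):                 # [i], a single byte
        start, length = norm(int(spec)), 1
    else:
        raise ValueError(f"bad slice spec [{spec}]")
    if length < 1 or start + length > n:
        raise ValueError(f"slice [{spec}] does not fit a {n}-byte field")
    return field[start:start + length]


# Constructed sample data: a MAC address and a 10-byte stand-in for a frame.
SAMPLE_MAC = bytes.fromhex("000083aabbcc")
SAMPLE_FRAME = bytes(range(10))

if __name__ == "__main__":
    print("eth.src[0:3] ->", ws_slice(SAMPLE_MAC, "0:3").hex(":"))
    for spec in ("2:4", "2-4", "3", ":2", "6:", "-4:4", "-4:"):
        print(f"frame[{spec}] ->", ws_slice(SAMPLE_FRAME, spec).hex("."))
```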