Common filtering commands for the Wireshark packet capture tool

2025-03-31 Update From: SLTechnology News&Howtos


Shulou(Shulou.com)06/01 Report--

How Wireshark display filter rules are used

I. MAC address filtering

Command summary:

eth.addr==20:dc:e6:f3:78:cc

eth.src==20:dc:e6:f3:78:cc

eth.dst==20:dc:e6:f3:78:cc

1. Filter by MAC address

Use the command: eth.addr==20:dc:e6:f3:78:cc

Command explanation: shows every packet in which 20:dc:e6:f3:78:cc appears as the source MAC address or as the destination MAC address, i.e. all packets sent to or from that MAC address. Field names are case-sensitive, so write eth.addr, not Eth.addr.

2. Filter by source MAC address

Use the command: eth.src==20:dc:e6:f3:78:cc

Command explanation: shows only packets whose source MAC address is 20:dc:e6:f3:78:cc.

3. Filter by destination MAC address

Use the command: eth.dst==20:dc:e6:f3:78:cc

Command explanation: shows only packets whose destination MAC address is 20:dc:e6:f3:78:cc.

II. IP address filtering

Command summary:

ip.addr==192.168.1.122 // filter by IP address, matching either the source or the destination IP

ip.src==192.168.1.122 // filter by source IP address

ip.dst==192.168.1.122 // filter by destination IP address

1. Filter by IP address

Use the command: ip.addr==192.168.1.122

Command explanation: shows every packet in which 192.168.1.122 appears as the source IP address or as the destination IP address, i.e. all packets sent to or from that host.

2. Filter by source IP address

Use the command: ip.src==182.254.110.91

Command explanation: shows only packets whose source IP address is 182.254.110.91.

3. Filter by destination IP address

Use the command: ip.dst==192.168.1.122

Command explanation: shows only packets whose destination IP address is 192.168.1.122.

III. Port filtering

Port filtering works the same way. For example, to filter on port 80, enter tcp.port==80 in the filter bar; this rule matches packets whose source port or destination port is 80. Use tcp.dstport==80 to show only packets with destination port 80, and tcp.srcport==80 to show only packets with source port 80.

Command summary:

tcp.port==80 // filter by TCP port, matching either the source or the destination port

tcp.dstport==80 // filter by destination TCP port

tcp.srcport==80 // filter by source TCP port

udp.port==4010 // filter by UDP port, matching either the source or the destination port

udp.srcport==4010 // filter by source UDP port

udp.dstport==4010 // filter by destination UDP port

1. Filter by TCP port

Use the command: tcp.port==80

Command explanation: shows packets that use TCP port 80 in either direction, i.e. the source port is TCP 80 or the destination port is TCP 80.

2. Filter by destination port

Use the command: tcp.dstport==80

Command explanation: shows only packets whose destination port is TCP 80.

3. Filter by source port

Use the command: tcp.srcport==80

Command explanation: shows only packets whose source port is TCP 80.

IV. Protocol filtering

Filter packets by the protocol they carry, such as http or ftp. Common protocol names are:

udp, tcp, arp, icmp, smtp, pop, dns, ip, ssl, http, ftp, telnet, ssh, rdp, rip, ospf

1. Filter out http protocol packets

Protocol filtering is the simplest case: just enter the protocol name in the filter bar. For example, entering http shows only HTTP packets.

Note: the protocol name must be written in lowercase; otherwise Wireshark reports an error.

2. Filter out http GET requests

Use the command: http.request.method==GET

Command explanation: shows only HTTP packets whose request method is GET. Note that GET must be written in uppercase; otherwise nothing matches.

3. Filter out http POST requests

Use the command: http.request.method==POST

Command explanation: shows only HTTP packets whose request method is POST. Again, POST must be written in uppercase; otherwise nothing matches.

V. Combined filtering with logical conditions

Logical operator summary:

|| // logical OR

&& // logical AND

! // logical NOT

1. Logical AND

Use the command: ip.src==192.168.1.122&&ip.dst==121.114.244.119

Command explanation: shows only packets whose source IP address is 192.168.1.122 and whose destination IP address is 121.114.244.119. Parentheses can be used to group conditions, so the command above is equivalent to:

(ip.src==192.168.1.122) && (ip.dst==121.114.244.119)

2. Logical OR

Use the command: ip.src==192.168.1.122 || ip.src==182.254.110.91

Command explanation: shows packets whose source IP address is 192.168.1.122 or 182.254.110.91.

3. Logical NOT

Use the command: !(ip.addr==192.168.1.122)

Command explanation: shows only packets in which neither the source nor the destination IP address is 192.168.1.122.
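The following Python script is an added example, not code from the original article or from the Wireshark project. It is a small evaluator for the display-filter subset covered in sections I to V (eth/ip address fields, tcp/udp port fields, bare protocol names, http.request.method, and the &&, || and ! operators with parentheses), run over five constructed sample frames. The packet dictionaries, the set of known fields and protocols, and the frame numbers are all assumptions made for the example. Real Wireshark does far more, but the behaviour shown here matches it for these filters: an .addr or .port field matches either direction, field and protocol names must be lowercase exactly as listed, values such as GET are compared case-sensitively, && binds tighter than ||, and a negated filter also keeps frames that lack the field entirely (the ARP frame below).

```python
# Added example, not Wireshark code: toy evaluator for the article's filter subset.
import re

# Fields in Wireshark's exact lowercase spelling; .addr/.port fields match either direction.
FIELDS = {"eth.src", "eth.dst", "ip.src", "ip.dst", "tcp.srcport", "tcp.dstport",
          "udp.srcport", "udp.dstport", "http.request.method"}
COMBINED = {"eth.addr": ("eth.src", "eth.dst"), "ip.addr": ("ip.src", "ip.dst"),
            "tcp.port": ("tcp.srcport", "tcp.dstport"), "udp.port": ("udp.srcport", "udp.dstport")}
PROTOCOLS = {"eth", "arp", "ip", "icmp", "tcp", "udp", "dns", "http", "ftp", "ssh",
             "telnet", "smtp", "pop", "ssl", "rdp", "rip", "ospf"}

# Constructed capture (assumed data): one host sends a GET, a POST, a DNS query; plus a reply and an ARP.
PACKETS = [
    {"no": 1, "protos": {"eth", "ip", "tcp", "http"}, "http.request.method": "GET",
     "eth.src": "20:dc:e6:f3:78:cc", "eth.dst": "00:11:22:33:44:55", "ip.src": "192.168.1.122",
     "ip.dst": "121.114.244.119", "tcp.srcport": 51234, "tcp.dstport": 80},
    {"no": 2, "protos": {"eth", "ip", "tcp", "http"},
     "eth.src": "00:11:22:33:44:55", "eth.dst": "20:dc:e6:f3:78:cc", "ip.src": "182.254.110.91",
     "ip.dst": "192.168.1.122", "tcp.srcport": 80, "tcp.dstport": 51235},
    {"no": 3, "protos": {"eth", "ip", "tcp", "http"}, "http.request.method": "POST",
     "eth.src": "20:dc:e6:f3:78:cc", "eth.dst": "00:11:22:33:44:55", "ip.src": "192.168.1.122",
     "ip.dst": "182.254.110.91", "tcp.srcport": 51235, "tcp.dstport": 80},
    {"no": 4, "protos": {"eth", "ip", "udp", "dns"},
     "eth.src": "20:dc:e6:f3:78:cc", "eth.dst": "00:11:22:33:44:55", "ip.src": "192.168.1.122",
     "ip.dst": "192.168.1.1", "udp.srcport": 4010, "udp.dstport": 53},
    {"no": 5, "protos": {"eth", "arp"},            # no IP layer at all
     "eth.src": "aa:bb:cc:dd:ee:ff", "eth.dst": "ff:ff:ff:ff:ff:ff"},
]

TOKEN_RE = re.compile(r"\(|\)|&&|\|\||==|!|[A-Za-z0-9_.:]+")

def tokenize(text):
    """Split on operators and names; any leftover character is unsupported."""
    tokens = TOKEN_RE.findall(text)
    if "".join(tokens) != "".join(text.split()):
        raise ValueError("filter contains an unsupported character")
    return tokens

def parse(tokens):
    """Recursive descent: || binds loosest, then &&, then !, ( ) and atoms."""
    toks, pos = tokens + [None], [0]           # None sentinel marks end of input
    levels = [("||", "or"), ("&&", "and")]     # lowest precedence first
    def take():
        pos[0] += 1
        return toks[pos[0] - 1]
    def parse_level(level):                    # left-associative binary chain
        if level == len(levels):
            return parse_atom()
        sym, name = levels[level]
        node = parse_level(level + 1)
        while toks[pos[0]] == sym:
            take()
            node = (name, node, parse_level(level + 1))
        return node
    def parse_atom():
        tok = take()
        if tok is None or tok in ("&&", "||", ")", "=="):
            raise ValueError("malformed filter: missing operand")
        if tok == "!":
            return ("not", parse_atom())
        if tok == "(":
            node = parse_level(0)
            if take() != ")":
                raise ValueError("missing ')'")
            return node
        if toks[pos[0]] == "==":               # field == value
            take()
            if toks[pos[0]] is None:
                raise ValueError("missing value after ==")
            return ("cmp", tok, take())
        return ("proto", tok)                  # bare protocol name such as "http"
    tree = parse_level(0)
    if toks[pos[0]] is not None:
        raise ValueError(f"unexpected token {toks[pos[0]]!r}")
    return tree

def evaluate(node, pkt):
    """True if constructed frame pkt would stay visible under the parsed filter."""
    kind = node[0]
    if kind in ("or", "and"):
        left, right = evaluate(node[1], pkt), evaluate(node[2], pkt)
        return (left or right) if kind == "or" else (left and right)
    if kind == "not":
        return not evaluate(node[1], pkt)
    if kind == "proto":                        # "Http" or "Tcp" is rejected, as in Wireshark
        if node[1] not in PROTOCOLS:
            raise ValueError(f'"{node[1]}" is neither a field nor a protocol name')
        return node[1] in pkt["protos"]
    _, field, value = node
    names = COMBINED.get(field, (field,))
    if any(n not in FIELDS for n in names):
        raise ValueError(f'"{field}" is neither a field nor a protocol name')
    # Exact, case-sensitive match (GET is not get); a frame lacking the field (ARP) never matches ==.
    return any(str(pkt[n]) == value for n in names if n in pkt)

def apply_filter(text, packets=PACKETS):
    """Return the frame numbers a display filter would leave visible."""
    tree = parse(tokenize(text))
    return [p["no"] for p in packets if evaluate(tree, p)]
```

Calling apply_filter("!(ip.addr==192.168.1.122)") returns [5], the ARP frame, which is worth remembering when a negated address filter seems to leave stray packets in the list: the frame has no ip.addr field, so the comparison is false and the negation is true. apply_filter("Eth.addr==20:dc:e6:f3:78:cc") raises ValueError, the same kind of rejection Wireshark gives for a mis-cased name, and apply_filter("http.request.method==get") returns an empty list rather than an error, because the value comparison is exact.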
