2025-03-31 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/01 Report--
Using Wireshark filtering rules
I. MAC address filtering
Command summary:
eth.addr==20:dc:e6:f3:78:cc
eth.src==20:dc:e6:f3:78:cc
eth.dst==20:dc:e6:f3:78:cc
1. Filter based on MAC address
Use the command: eth.addr==20:dc:e6:f3:78:cc
Command explanation: displays only packets that use the MAC address 20:dc:e6:f3:78:cc, whether as the source MAC address or as the destination MAC address.
2. Filter by source MAC address
Use the command: eth.src==20:dc:e6:f3:78:cc
Command explanation: displays only packets whose source MAC address is 20:dc:e6:f3:78:cc.
3. Filter by destination MAC address
Use the command: eth.dst==20:dc:e6:f3:78:cc
Command explanation: displays only packets whose destination MAC address is 20:dc:e6:f3:78:cc.
II. IP address filtering
ip.addr==192.168.1.122 // filter based on IP address, including source IP or destination IP
ip.src==192.168.1.122 // filter based on source IP address
ip.dst==192.168.1.122 // filter based on destination IP address
1. Filter based on IP address
Use the command: ip.addr==192.168.1.122
Command explanation: displays only packets that use the IP address 192.168.1.122, whether as the source IP address or as the destination IP address.
2. Filter by source IP address
Use the command: ip.src==182.254.110.91
Command explanation: displays only packets whose source IP address is 182.254.110.91.
3. Filter by destination IP address
Use the command: ip.dst==192.168.1.122
Command explanation: displays only packets whose destination IP address is 192.168.1.122.
III. Port filtering
To filter on a port, for example port 80, enter tcp.port==80 in the Filter box. This rule matches packets whose source port or destination port is 80. Use tcp.dstport==80 to match only packets with destination port 80, and tcp.srcport==80 to match only packets with source port 80.
tcp.port==80 // filter packets based on TCP port, including source port or destination port
tcp.dstport==80 // filter packets based on the destination TCP port
tcp.srcport==80 // filter packets based on the source TCP port
udp.port==4010 // filter packets based on UDP port, including source port or destination port
udp.srcport==4010 // filter packets based on the source UDP port
udp.dstport==4010 // filter packets based on the destination UDP port
1. Filter TCP ports
Use the command: tcp.port==80
Command explanation: displays only packets that communicate over TCP port 80, whether TCP 80 is the source port or the destination port.
2. Filter destination port packets
Use the command: tcp.dstport==80
Command explanation: displays only packets whose destination port is TCP 80.
3. Filter source port packets
Use the command: tcp.srcport==80
Command explanation: displays only packets whose source port is TCP 80.
IV. Protocol filtering
Filter packets according to communication protocol, such as the http protocol, the ftp protocol, and so on. Common protocols are as follows:
udp
tcp
arp
icmp
smtp
pop
dns
ip
ssl
http
ftp
telnet
ssh
rdp
rip
ospf
1. Filter out http protocol packets
Protocol filtering is relatively simple: just enter the protocol name in the filter window (Filter). For example, to display only http protocol data, enter http.
Note: when doing protocol filtering, the protocol name must be written in lowercase, otherwise Wireshark reports an error.
2. Filter out the GET packets of http
Use the command: http.request.method==GET
Command explanation: displays only the packets that use the GET method of the http protocol. Note that GET must be written in uppercase, otherwise no packets are matched.
3. Filter out the POST packets of http
Use the command: http.request.method==POST
Command explanation: displays only the packets that use the POST method of the http protocol. Note that POST must be written in uppercase, otherwise no packets are matched.
V. Combining conditions with logical operators
Logical expression summary:
|| // logical OR
&& // logical AND
! // logical NOT
1. Logical AND filtering
Use the command: ip.src==192.168.1.122&&ip.dst==121.114.244.119
Command explanation: displays only packets with source IP address 192.168.1.122 and destination IP address 121.114.244.119. You can also use parentheses to group the conditions; the command above is equivalent to the following command:
(ip.src==192.168.1.122) && (ip.dst==121.114.244.119)
2. Logical OR filtering
Use the command: ip.src==192.168.1.122 || ip.src==182.254.110.91
Command explanation: displays only packets whose source IP address is 192.168.1.122 or whose source IP address is 182.254.110.91.
3. Logical NOT filtering
Use the command: !(ip.addr==192.168.1.122)
Command explanation: displays only packets in which neither the source nor the destination IP address is 192.168.1.122.
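The following Python sketch is an added example, not part of the original article and not Wireshark code. It evaluates the filter forms covered above (==, &&, ||, !, parentheses, the either-direction fields and bare protocol names) against three constructed packet records, so the effect of each rule can be checked offline. The packet records, the names matches and select, and the choice that && binds tighter than || are assumptions of the example.

```python
import re
PACKETS = [  # constructed sample packets (not from the page): field -> text value
    {"ip.src": "192.168.1.122", "ip.dst": "121.114.244.119",
     "tcp.srcport": "51000", "tcp.dstport": "80", "http.request.method": "GET"},
    {"ip.src": "182.254.110.91", "ip.dst": "192.168.1.122",
     "tcp.srcport": "80", "tcp.dstport": "51000"},
    {"ip.src": "10.0.0.5", "ip.dst": "10.0.0.9", "udp.srcport": "4010", "udp.dstport": "53"},
]
EITHER = {"ip.addr": ("ip.src", "ip.dst"), "eth.addr": ("eth.src", "eth.dst"),
          "tcp.port": ("tcp.srcport", "tcp.dstport"),
          "udp.port": ("udp.srcport", "udp.dstport")}  # source-or-destination fields

def matches(expr, pkt):
    """Evaluate a filter built from ==, &&, ||, ! and parentheses on one packet."""
    toks = re.findall(r"\|\||&&|==|[!()]|[\w.:]+", expr) + [None]
    if "".join(toks[:-1]) != "".join(expr.split()):
        raise ValueError("unsupported syntax: " + expr)
    def take(expected=None):
        if toks[0] is None or expected not in (None, toks[0]):
            raise ValueError("malformed filter: " + expr)
        return toks.pop(0)
    def atom():
        tok = take()
        if tok == "!":
            return not atom()
        if tok == "(":
            val = chain("||")
            take(")")
            return val
        if not re.fullmatch(r"[\w.:]+", tok):
            raise ValueError("malformed filter: " + expr)
        if toks[0] != "==":  # bare protocol name such as http or udp
            return any(key.startswith(tok + ".") for key in pkt)
        take("==")
        want = take()
        return any(pkt.get(f) == want for f in EITHER.get(tok, (tok,)))
    def chain(op):  # assumption: && binds tighter than ||, as in C
        sub = (lambda: chain("&&")) if op == "||" else atom
        val = sub()
        while toks[0] == op:
            take()
            val = (sub() or val) if op == "||" else (sub() and val)
        return val
    result = chain("||")
    if toks[0] is not None:
        raise ValueError("malformed filter: " + expr)
    return result

def select(expr):
    return [i for i, p in enumerate(PACKETS) if matches(expr, p)]
```

For instance, select("!(ip.addr==192.168.1.122)") returns only the index of the third record, because the first two carry that address in one direction or the other.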