2025-01-19 Update From: SLTechnology News&Howtos > Network Security
Shulou (Shulou.com) 06/01 Report
An example of the main Wireshark interface is as follows:
Capture filter is valid: the filter box is displayed in green
Capture filter is invalid: the filter box is displayed in orange
Capture filters
Ethernet capture filters (OSI layer 2)
# ether host 8c:ec:4b:69:a6:a7    captures Ethernet traffic whose source or destination MAC address matches (e.g. ether host 00:00:5e:00:53:00)
# ether dst host 8c:ec:4b:69:a6:a7
# ether dst 8c:ec:4b:69:a6:a7    captures Ethernet traffic by destination MAC address
# ether src 8c:ec:4b:69:a6:a7    captures Ethernet traffic by source MAC address
# ether broadcast    captures Ethernet broadcast traffic
# ether multicast    captures Ethernet multicast traffic
# ether proto XXXX    captures Ethernet traffic with the given Ethernet protocol type number (for example: ether proto 0x0806)
# vlan 206    captures only the traffic of the specified VLAN
Note: whether a capture succeeds depends not only on a correct capture filter but also on deploying the capture tool at an appropriate point in the network. Because of where the current test PC is deployed, VLAN 206 traffic cannot be captured here, so there is no screenshot of the capture result. That does not matter: the color of the filter box still shows that the syntax is correct.
Common Ethernet protocol type (EtherType) field values
0x0800 IP
0x0806 ARP
0x8137 Novell IPX
0x809b AppleTalk
0x8864 PPPoE
0x8100 802.1Q
0x86DD IPv6
0x8847 MPLS Label
0x0000-0x05DC IEEE 802.3
0x0101-0x01FF Experimental
0x0600 XEROX NS IDP
0x0660 DLOG
0x0661 DLOG
0x0801 X.75 Internet
0x0802 NBS Internet
0x0803 ECMA Internet
0x0804 Chaosnet
0x0805 X.25 Level 3
0x0808 Frame Relay ARP [RFC1701]
0x6559 Raw Frame Relay [RFC1701]
0x8035 Dynamic RARP (DRARP), Reverse Address Resolution Protocol (RARP)
0x8037 Novell Netware IPX
0x809B EtherTalk
0x80D5 IBM SNA Services over Ethernet
0x80F3 AppleTalk Address Resolution Protocol (AARP)
0x8100 Ethernet Automatic Protection Switching (EAPS)
0x8137 Internet Packet Exchange (IPX)
0x814C Simple Network Management Protocol (SNMP)
0x86DD Internet Protocol version 6 (IPv6)
0x880B Point-to-Point Protocol (PPP)
0x880C General Switch Management Protocol (GSMP)
0x8847 Multi-Protocol Label Switching (MPLS), unicast
0x8848 Multi-Protocol Label Switching (MPLS), multicast
0x8863 PPP over Ethernet (PPPoE), discovery phase
0x8864 PPP over Ethernet (PPPoE), PPP session phase
0x88BB Light Weight Access Point Protocol (LWAPP)
0x88CC Link Layer Discovery Protocol (LLDP)
0x8E88 EAP over LAN (EAPOL)
0x9000 Configuration Test Protocol (Loopback)
0x9100 VLAN Tag Protocol Identifier
0x9200 VLAN Tag Protocol Identifier
# ether proto 0x0806
# ether proto 0x80F3
# not broadcast and not multicast    excludes broadcast and multicast packets (captures only unicast packets)
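To show which frame bytes each of the capture filter primitives above tests, here is an added Python example (not part of the original article and not libpcap's own code). It is a simplified model of Ethernet II frames only; the function names and sample frames are constructed for illustration. It also covers one edge case: on a frame that still carries its 802.1Q tag, ether proto 0x0800 alone does not match in this model, because the type field after the MAC addresses holds 0x8100.

```python
import struct

BROADCAST = b"\xff" * 6

def mac(text):
    """Accept 8c:ec:4b:69:a6:a7 or 8C-EC-4B-69-A6-A7 and return 6 raw bytes."""
    return bytes.fromhex(text.replace(":", "").replace("-", ""))

def parse_l2(frame):
    """Split an Ethernet II frame into the fields the layer 2 filters test."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src = frame[:6], frame[6:12]
    (outer,) = struct.unpack("!H", frame[12:14])
    vlan, inner = None, outer
    if outer == 0x8100:                      # 802.1Q tag sits before the real type
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, inner = struct.unpack("!HH", frame[14:18])
        vlan = tci & 0x0FFF                  # low 12 bits of the TCI are the VLAN ID
    return dst, src, outer, vlan, inner

def matches(frame, primitive, arg=None):
    """Simplified model of one capture filter primitive (assumed helper name)."""
    dst, src, outer, vlan, _inner = parse_l2(frame)
    tests = {
        "ether host": lambda: mac(arg) in (src, dst),
        "ether src": lambda: src == mac(arg),
        "ether dst": lambda: dst == mac(arg),
        "ether broadcast": lambda: dst == BROADCAST,
        "ether multicast": lambda: bool(dst[0] & 0x01),  # group bit; broadcast has it too
        "ether proto": lambda: outer == arg,             # type field at offset 12 only
        "vlan": lambda: vlan == arg,
    }
    return tests[primitive]()

def build(dst, src, ethertype, vlan=None, payload=b"\x00" * 46):
    """Build a constructed sample frame, optionally with an 802.1Q tag."""
    tag = struct.pack("!HH", 0x8100, vlan) if vlan is not None else b""
    return mac(dst) + mac(src) + tag + struct.pack("!H", ethertype) + payload

# Constructed sample frames (MAC addresses are the ones used on this page).
PC, PEER = "8c:ec:4b:69:a6:a7", "84:b8:02:1a:b2:ff"
ARP_REQUEST = build("ff:ff:ff:ff:ff:ff", PC, 0x0806)
IPV4_UNICAST = build(PC, PEER, 0x0800)
TAGGED_IPV4 = build(PC, PEER, 0x0800, vlan=206)

if __name__ == "__main__":
    print({p: matches(TAGGED_IPV4, p, a) for p, a in [("vlan", 206), ("ether proto", 0x0800)]})
```

Because the group bit is also set in the broadcast address, ether multicast matches the broadcast ARP request as well in this model.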
Ethernet display filters (OSI layer 2)
# eth.addr == 8C-EC-4B-69-A6-A7    shows all packets whose host MAC address is 8C-EC-4B-69-A6-A7
# tcp
# eth.addr eq 84:b8:02:1a:b2:ff and eth.addr eq 8c:ec:4b:69:a6:a7
# eth.type == 0x0800
There are many more application scenarios for Wireshark capture and display filter rules at OSI layer 2; these are only some examples. It takes more practice to master and apply these rules in depth.