Use of Wireshark packet capture filters

Wireshark needs little introduction: it is a packet capture and analysis tool, and we typically use it to capture traffic and then analyze the captured packets. Most of the time we want only specific packets and would rather not capture the rest. That is the job of a capture filter. Unlike a display filter, which only hides packets that were already captured, a capture filter is applied by libpcap/Npcap while packets are being captured, so non-matching packets never reach the capture file at all. This article looks at how to use Wireshark's capture filter.

The syntax of the capture filter

Capture filters use BPF syntax, the same pcap-filter language used by tcpdump; the full grammar is documented in the pcap-filter manual page. Put simply, a filter is built from primitives, each of which is a qualifier (such as host, src or port) followed by a value, and primitives are combined with logical operators.

A simple filter is given below. It captures only packets sent to or from a specific IP address (host without a direction matches either endpoint):

host 47.***.***.16

Commonly used qualifiers are divided into the following three categories:

  • Type: such as host/net/port

  • Direction: such as src/dst

  • Protocol: such as ether/ip/ip6/arp/tcp/udp/icmp. Application-layer names such as http or https are display-filter names, not capture-filter qualifiers; in a capture filter, HTTP traffic is selected by its port, for example tcp port 80.

The logical operators are the following (each has a keyword and a C-style spelling):

  • and, also written &&

  • or, also written ||

  • not, also written !

Precedence follows the usual rule: not binds tightest, then and, then or; parentheses can group sub-expressions (when a filter is passed on a command line, quote it so the shell does not interpret the parentheses).

Next, we will demonstrate how to use capture filters from several aspects.

Address filter

Address filters are the most common in daily use; they select packets to or from a specific IP address or host name (a host name is resolved once, when the filter is compiled). MAC addresses and IPv6 addresses can also be specified.

Let’s demonstrate it through several cases:

Limit to an IPv4 address (matches the address as source or destination)

host 192.168.1.111

Limit address and direction: here the source address, so only packets sent from the specific IP are captured (dst host selects the destination address instead)

src host 192.168.1.111

Limit to a MAC address

ether host 00:0c:29:84:5b:d0

Port filter

Port filters are also common in daily use, for example capturing only port 80 traffic or excluding port 22 traffic.

Capture packets whose destination port is 80 (note the direction: src port 80 would instead match replies coming from a server's port 80, and port 80 with no direction matches both)

dst port 80

Do not capture packets on port 22 in either direction (useful when capturing on a machine you are connected to over SSH, so the session's own traffic does not flood the capture)

!port 22

Protocol filter

restricts the protocol. The qualifier can name the link layer (ether, arp), the network layer (ip, ip6), a protocol carried in IP (icmp) or a transport protocol (tcp, udp). Application-layer protocols such as http, https, ftp or dns have no capture-filter keyword; they are selected by port instead, for example tcp port 80, tcp port 443, tcp port 21 or port 53.

Only capture icmp protocol packets

icmp

Finally, a slightly more complex combined example. The filter below limits IP, direction and port at the same time: it keeps only packets involving 192.168.1.111 that are addressed to port 80 (&& is interchangeable with and)

host 192.168.1.111 && dst port 80
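To make the matching rules behind the address, port, protocol and combined filters above concrete, the following is an added example, not Wireshark or libpcap code. It models the subset of pcap-filter syntax used on this page (host/net/port with optional src/dst, ether host, bare ip/tcp/udp/icmp, and/or/not in both spellings) and evaluates filters against a few constructed packet records. The packet records, their field names and the functions compile_filter, matching_ids and is_valid_filter are all assumptions of the example.

```python
"""Model of the pcap-filter (BPF) capture-filter subset used on this page.
Added example, not Wireshark or libpcap code: it parses host/net/port with
optional src/dst, 'ether host', bare ip/tcp/udp/icmp and and/or/not (also
spelled &&, ||, !) and evaluates the filter against constructed packets."""
import ipaddress
import re

# Constructed sample traffic (not a real capture): Ethernet MACs, IPv4
# addresses, IP protocol and ports, reusing the page's example addresses.
FIELDS = ("id", "esrc", "edst", "src", "dst", "proto", "sport", "dport")
PACKETS = [dict(zip(FIELDS, row)) for row in (
    (1, "00:0c:29:84:5b:d0", "aa:bb:cc:dd:ee:01", "192.168.1.111", "93.184.216.34", "tcp", 51000, 80),
    (2, "aa:bb:cc:dd:ee:01", "00:0c:29:84:5b:d0", "93.184.216.34", "192.168.1.111", "tcp", 80, 51000),
    (3, "00:0c:29:84:5b:d0", "aa:bb:cc:dd:ee:02", "192.168.1.111", "192.168.1.1", "tcp", 51001, 22),
    (4, "aa:bb:cc:dd:ee:03", "aa:bb:cc:dd:ee:01", "10.0.0.5", "192.168.1.111", "icmp", None, None),
    (5, "aa:bb:cc:dd:ee:03", "aa:bb:cc:dd:ee:02", "10.0.0.5", "8.8.8.8", "udp", 40000, 53),
)]

TOKEN_RE = re.compile(r"\(|\)|&&|\|\||!|[^\s()!&|]+")
QUALIFIERS = {**dict.fromkeys(("ether", "ip", "tcp", "udp", "icmp"), "proto"),
              **dict.fromkeys(("src", "dst"), "dir"),
              **dict.fromkeys(("host", "net", "port"), "type")}
END_OF_PRIMITIVE = {None, ")", "and", "&&", "or", "||"}

def _primitive(proto, direction, qtype, value):
    """Predicate for one primitive such as ('tcp', 'dst', 'port', '80').
    Without src/dst BPF matches either endpoint: 'host X' is 'src host X or
    dst host X' and 'port N' is 'src port N or dst port N'."""
    ends = {"src": ("src",), "dst": ("dst",), None: ("src", "dst")}[direction]
    if proto == "ether":                                # 'ether host <mac>'
        return lambda p: any(p["e" + e].lower() == value.lower() for e in ends)
    if qtype == "port":                                 # 'port N' / 'tcp port N'
        return lambda p: (proto in (None, "ip", p["proto"])
                          and any(p[e[0] + "port"] == int(value) for e in ends))
    net = ipaddress.ip_network(value, strict=False)     # host -> /32, net -> CIDR
    return lambda p: any(ipaddress.ip_address(p[e]) in net for e in ends)

class _Parser:
    """Recursive descent with BPF precedence: not binds tightest, then and, then or."""
    def __init__(self, text):
        self.toks, self.i = TOKEN_RE.findall(text), 0
    def peek(self):
        return self.toks[self.i] if self.i < len(self.toks) else None
    def take(self):
        tok = self.peek()
        if tok is None:
            raise ValueError("unexpected end of filter")
        self.i += 1
        return tok
    def expr(self):
        left = self.and_expr()
        while self.peek() in ("or", "||"):
            self.take()
            left = (lambda a, b: lambda p: a(p) or b(p))(left, self.and_expr())
        return left
    def and_expr(self):
        left = self.term()
        while self.peek() in ("and", "&&"):
            self.take()
            left = (lambda a, b: lambda p: a(p) and b(p))(left, self.term())
        return left
    def term(self):
        tok = self.take()
        if tok in ("not", "!"):
            inner = self.term()
            return lambda p: not inner(p)
        if tok == "(":
            inner = self.expr()
            if self.take() != ")":
                raise ValueError("unbalanced parentheses")
            return inner
        q = {}                                          # qualifiers, then the value
        while tok in QUALIFIERS:
            q[QUALIFIERS[tok]] = tok
            if self.peek() in END_OF_PRIMITIVE:         # bare 'tcp', 'icmp', ...
                if "proto" not in q:
                    raise ValueError("qualifier %r needs a value" % tok)
                proto = q["proto"]
                return lambda p: proto in ("ip", "ether") or p["proto"] == proto
            tok = self.take()
        return _primitive(q.get("proto"), q.get("dir"), q.get("type", "host"), tok)

def compile_filter(text):
    """Turn capture-filter text into a predicate over packet records."""
    parser = _Parser(text)
    pred = parser.expr()
    if parser.peek() is not None:
        raise ValueError("unexpected token %r" % parser.peek())
    return pred

def matching_ids(text, packets=PACKETS):
    """Ids of the packets that the capture filter would keep."""
    pred = compile_filter(text)
    return [p["id"] for p in packets if pred(p)]

def is_valid_filter(text):
    """True when the filter parses, like Wireshark's green/red filter check."""
    try:
        compile_filter(text)
        return True
    except ValueError:
        return False

if __name__ == "__main__":
    for f in ("host 192.168.1.111", "src port 80", "dst port 80", "!port 22", "icmp"):
        print("%-20s keeps packets %s" % (f, matching_ids(f)))
```

Two points the model makes visible: src port 80 and dst port 80 keep different packets (the reply from the server and the request to it), and a bare http is rejected because it is not a qualifier keyword, whereas port http is accepted by the real compiler through the services file. To check a real filter without capturing anything, compile it with tcpdump -d '<filter>', which prints the generated BPF program and stops.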
