


A Wireshark display filter filters the packets that have already been captured and shows only those that meet the filter condition. Display filters are used more often than capture filters: usually no restriction is placed on the capture itself, every packet is captured, and specific packets are then analyzed through a display filter.
There are two ways to set a display filter:
- Dialog mode
- Text expression mode
Dialog mode
This method is very simple: you only need to use the mouse to select the filter rule you need. Click Analyze -> Display Filter Expression.
The box on the left lists all available protocol fields. Select a protocol field, then select the relation, and finally fill in the value, and the display filter is complete.
Text expression mode
The dialog method suits beginners, but once you have used Wireshark for a while and are familiar with its display filter rules, you can type text expressions directly. The following demonstrates some common display filters:
Protocol limitation
Limits the display to commonly used protocols, such as http, ssh, tcp, etc.
Only display http packets
http
Display http or ssh packets
http or ssh
Limit IP address and port
IP address and port are the most commonly used filter conditions, but unlike the capture filter, the display filter uses ip.addr == <IP address> to limit by address.
Limit IP
ip.addr == 192.168.110.145
Limit the size of the data packet
frame.len > 128
Common comparison operators are:
- greater than >
- less than <
- greater than or equal to >=
- less than or equal to <=
- equal to ==
- not equal to !=
Logical expressions
frame.len > 128 and ip.addr == 192.168.110.145
Common logical operators are:
- And, both conditions are met at the same time: and
- Or, one of the two conditions is met: or
- Not, the condition is not met: not
- XOR, one of the conditions is met and the other is not: xor
Protocol field, such as tcp.port
tcp.port==80
Commonly used display filter expressions
Finally, some common display filter expressions:
!arp    exclude ARP packets
http    display only http packets
!tcp.port==80    filter out http packets
tcp.port==21 or tcp.port==22    ftp or ssh
tcp.flags.syn==1    TCP packets with the SYN flag set
tcp.flags.rst==1    TCP packets with the RST flag set
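A small Python model of how the expressions above select packets, added here as an illustration (it is not Wireshark's filter engine and not code from the original article). The packets are constructed samples and `matches`/`select` are hypothetical helper names; the model shows that a field such as ip.addr or tcp.port matches when either the source or the destination value satisfies the comparison.

```python
import operator
import re
# Constructed sample packets; a field lists every value it takes (src and dst).
PACKETS = [
    {"tcp": [], "http": [], "ip.addr": ["192.168.110.145", "10.0.0.5"],
     "tcp.port": [51000, 80], "frame.len": [420]},
    {"tcp": [], "ssh": [], "ip.addr": ["10.0.0.7", "192.168.110.145"],
     "tcp.port": [22, 40222], "frame.len": [96]},
    {"arp": [], "frame.len": [60]},
    {"tcp": [], "ftp": [], "ip.addr": ["10.0.0.7", "10.0.0.9"],
     "tcp.port": [50321, 21], "frame.len": [200]},
]
OPS = {"==": operator.eq, "!=": operator.eq, ">=": operator.ge,
       "<=": operator.le, ">": operator.gt, "<": operator.lt}
TOKEN = re.compile(r"\s*(==|!=|>=|<=|>|<|!|\(|\)|[\w.]+)")

def matches(expr, pkt):
    toks = TOKEN.findall(expr)
    peek = lambda: toks[0] if toks else None
    def atom():
        tok = toks.pop(0)
        if tok in ("!", "not"):
            return not atom()
        if tok == "(":
            res = either()
            toks.pop(0)  # consume ")"
            return res
        if peek() in OPS:
            op, raw = toks.pop(0), toks.pop(0)
            want = int(raw) if raw.isdigit() else raw
            hit = any(OPS[op](v, want) for v in pkt.get(tok, []))
            return hit != (op == "!=")  # model choice: a != b is not (a == b)
        return tok in pkt  # bare protocol or field name: is it present?
    def both():  # in this model "and" binds tighter than "or"/"xor"
        res = atom()
        while peek() == "and":
            toks.pop(0)
            res = atom() and res
        return res
    def either():
        res = both()
        while peek() in ("or", "xor"):
            op, rhs = toks.pop(0), both()
            res = (res != rhs) if op == "xor" else (res or rhs)
        return res
    return either()

def select(expr):  # 1-based numbers of the sample packets the filter displays
    return [n for n, p in enumerate(PACKETS, 1) if matches(expr, p)]
```

For example, `select("ip.addr == 192.168.110.145")` returns packets 1 and 2 even though the address is the source in one and the destination in the other.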
