


Wireshark display filters filter the captured packets and display only those that meet the filter conditions. Display filters are used more often than capture filters: usually no restrictions are applied during capture, every packet is captured, and specific packets are then analyzed through a display filter.
There are two ways to build a display filter:
- Dialog mode
- Text expression mode
Dialog mode display
This method is very simple: you only need to use the mouse to select the filter rules you need. Click Analyze -> Display Filter Expression.
The box on the left lists all available protocol fields. Select a protocol field to filter on, then select the relation, and finally fill in the value, and the display filter is complete.
Display filter for text expressions
The dialog box method is suitable for novices, but after using Wireshark for a while you will become familiar with its display filter rules and can work with text expressions directly. The following demonstrates some common display filters:
Protocol Limitation
This restricts the display to commonly used protocols, such as http, ssh and tcp.
Only display http protocol
http
Display http or ssh protocol packets
http or ssh
Limit IP address and port
IP address and port are the most commonly used filter conditions, but unlike the capture filter, the display filter uses ip.addr == ip address to limit the address.
Limit IP
ip.addr == 192.168.110.145
Limit the size of the data packet
frame.len > 128
Common comparison operators are:
- Greater than: >
- Less than: <
- Greater than or equal to: >=
- Less than or equal to: <=
- Equal to: ==
- Not equal to: !=
Using logical expressions
frame.len > 128 and ip.addr == 192.168.110.145
Common logical operators are:
- And, both conditions are met at the same time: and
- Or, either of the two conditions is met: or
- Not, the condition is not met: not
- XOR, one of the conditions is met and the other is not: xor
Protocol, such as tcp.port
tcp.port==80
Commonly used display filter expressions
Finally, some common display filter expressions are given:
!arp  Exclude ARP packets
http  Display only HTTP packets
!tcp.port==80  Filter out HTTP packets
tcp.port==21 or tcp.port==22  FTP or SSH
tcp.flags.syn==1  TCP packets with the SYN flag set
tcp.flags.rst==1  TCP packets with the RST flag set
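An added example (not code from the original article or from Wireshark) that models how the expressions above select packets, in particular that ip.addr and tcp.port are tested against both the source and the destination value. Assumptions: the record layout and the names matches, select and PACKETS are hypothetical, the sample packets are constructed, and != and xor are left out of this simplified evaluator.

```python
import operator
import re

# Simplified model (an assumption for illustration, not Wireshark's engine):
# ip.addr and tcp.port hold two values per packet (source and destination),
# and a comparison is true if ANY of those values matches.
OPS = {"==": operator.eq, ">": operator.gt, "<": operator.lt,
       ">=": operator.ge, "<=": operator.le}
TOKEN = re.compile(r"==|>=|<=|>|<|!|[\w.]+")

def matches(filter_text, pkt):
    """Evaluate a display-filter-style expression against one packet record."""
    toks = TOKEN.findall(filter_text) + [None]   # None marks end of input
    def test():                                  # "!"/"not" negates one test
        tok = toks.pop(0)
        if tok in ("!", "not"):
            return not test()
        if toks[0] not in OPS:                   # bare protocol name, e.g. http
            return tok in pkt["layers"]
        op, raw = OPS[toks.pop(0)], toks.pop(0)
        want = int(raw) if raw.isdigit() else raw
        return any(op(have, want) for have in pkt.get(tok, []))

    def both():                                  # in this model "and" binds tighter than "or"
        value = test()
        while toks[0] == "and":
            toks.pop(0)
            value = test() and value
        return value

    def either():
        value = both()
        while toks[0] == "or":
            toks.pop(0)
            value = both() or value
        return value
    return either()

# Constructed sample records (not a real capture).
PACKETS = [
    {"layers": {"ip", "tcp", "http"}, "frame.len": [512],
     "ip.addr": ["10.0.0.7", "192.168.110.145"], "tcp.port": [80, 51544]},
    {"layers": {"ip", "tcp", "ssh"}, "frame.len": [90],
     "ip.addr": ["192.168.110.145", "10.0.0.9"], "tcp.port": [40222, 22]},
    {"layers": {"arp"}, "frame.len": [60]},
]

def select(filter_text):
    return [i for i, p in enumerate(PACKETS) if matches(filter_text, p)]
```

Here select("ip.addr == 192.168.110.145") returns both TCP records because the address appears as destination in one and source in the other, while select("!tcp.port==80") keeps the ARP record as well, since it has no tcp.port value to match.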