Wireshark biežāk izmnatotie filtri

Šeit ir publicēti biežākie Wireshark izmantotie filtri:

1.ip.addr == [Sets a filter for any packet with, as either the source or dest]
2.ip.addr== && ip.addr== [sets a conversation filter between the two defined IP addresses]
3.http or dns [sets a filter to display all http and dns]
4.tcp.port==4000 [sets a filter for any TCP packet with 4000 as a source or dest port]
5.tcp.flags.reset==1 [displays all TCP resets]
6.http.request [displays all HTTP GET requests]
7.tcp contains traffic [displays all TCP packets that contain the word ‘traffic’. Excellent when searching on a specific string or user ID]
8.!(arp or icmp or dns) [masks out arp, icmp, dns, or whatever other protocols may be background noise. Allowing you to focus on the traffic of interest]
9. udp contains 33:27:58 [sets a filter for the HEX values of 0x33 0x27 0x58 at any offset]
10. tcp.analysis.retransmission [displays all retransmissions in the trace. Helps when tracking down slow application performance and packet loss]

Vēl noder:
ip.dst != vai ip.src != nerādīt saziņu ar konkrētu IP

Leave a Reply