Host 192.168.5.231 and !arp #Only capture the host 192.168.5.231 all traffic except arp.Īrp #Capture all arp requests in the interface Port 53 #Capture dns traffic for all hosts in the interfaceġ.4 APR s (not) captured host 192.168.5.231 and arp #Only arp traffic of 192.168.5.231 is captured. Src 192.168.5.231 and port 53 #Only the external dns traffic of host 192.168.5.231 is captured.ĭst 192.168.5.231 and port 53 #Only the dns traffic of corresponding host 192.168.5.231 of dns server is captured. Net 192.168.5.0/24 #Capture all traffic of all hosts with network segment d192.168.5.0ġ.3 capture only DNS traffic of a host host 192.168.5.231 and port 53 #Only the dns traffic of host 192.168.5.231 is captured. Not port 80 and !http #Capture all traffic except httpġ.2 capture all traffic of a host only host 192.168.5.231 #The capture source hosts are 192.168.5.231ĭst 192.168.5.231 #The target hosts were 192.168.5.231 Not port 80 #Capture all traffic except http Port 80 and http #Capture all http traffic passing through the interface Or ("or") and ("and") have the same priority, and the operation is performed from left to right.ġ.1 capture only HTTP traffic of a host host 192.168.5.231 and port 80 and http #Only capture the http traffic of host 192.168.5.231 Logical Operations: not, and, or, etc., no ("not") has the highest priority. Host(s): net, port, host, portrange, and so on. if no direction is specified, the keyword "src or dst" is used by default.
if no protocol type is specified, the default is to capture all supported protocols.ĭirection: src, dst, src and dst, src or dst, etc. Protocol (Protocol): ether, fddi, ip, arp, rarp, decnet, lat, sca, moprc, mopdl, tcp, udp, etc. The filter used before grabbing the package, its function is that I only grab the package I want, and don't grab what I don't need.Īdvantages: can reduce the network card load, less garbage There are two types of wireshark filters Capture filter
0 kommentar(er)
