Operation and Maintenance
Windows Operation and Maintenance
Use of wireshark packet capture capture filter
Use of wireshark packet capture capture filter
I won’t say much about what wireshark is. In short, it is a powerful packet capture tool. We often use it to capture some data packets and then analyze these data packets. Of course, most of us want to capture specific data packets and filter those unwanted data packets. Next, let’s take a look at the use of wireshark’s capture filter.
The syntax of the capture filter
The syntax of the capture filter adopts BPF syntax. If you want to know what BPF syntax is, you can do it yourself Google. To put it more simply, Wireshark's capture filter uses some qualifiers, such as (host/src/port), and qualified values, and then combines expressions through logical operators.
A simple filter is given below, which is used to specify to capture only data packets from a specific IP
host 47.***.***.16
Commonly used qualifiers are divided into the following three categories:
Type: such as host/net/port
Direction: such as src/dst
Protocol: such as ip /tcp/udp/http/https
The logical operators include the following
and operators&&
-
or operator||
Not operator!
Next, we will demonstrate how to use capture filters from several aspects.
Address filter
Address filter is the most commonly used in our daily life, used to specify data from a specific IP or host name Bag. In addition, you can also specify the MAC address and IPv6 address.
Let’s demonstrate it through several cases:
Limit IPv4 address
host 192.168.1.111
Limit address and direction: that is, limit Source address, only capture packets from a specific ip
src host 192.168.1.111
Limited MAC address
ether host 00:0c:29:84:5b:d0
Port filter
Port filters are also commonly used daily, such as only capturing data on port 80 or only capturing data packets on port 22, etc.
Capture the data packets whose destination port is port 80
src port 80
Do not capture the data packets of port 22
!port 22
Protocol filter
is used to limit the protocol. This limited protocol is not hierarchical. It can be the application layer protocol http, https, ftp, dns, or transmission. layer protocols tcp, udp or ip layer ip protocol, icmp, etc.
Only capture icmp protocol packets
icmp
Finally, let’s get a slightly more complex comprehensive example. Filters that limit IP, direction and port at the same time are as follows
host 192.168.1.111 && dst port 80
Related recommendations: "Windows Operation and Maintenance"
The above is the detailed content of Use of wireshark packet capture capture filter. For more information, please follow other related articles on the PHP Chinese website!
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
AI Hentai Generator
Generate AI Hentai for free.
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
What are the operation and maintenance tools under window
Mar 05, 2025 am 11:17 AM
This article reviews Windows-based server management tools. It compares free (PowerShell, Windows Admin Center) and commercial options (SCCM, Azure Arc), highlighting their functionality, cost, and complexity. The choice depends on needs, budget, a
How to solve the problem that Tencent Cloud has downloaded?
Mar 05, 2025 am 11:18 AM
This article guides users on opening files downloaded from Tencent Cloud. It addresses common issues like corrupted downloads, incompatible file formats, and software conflicts, offering troubleshooting steps and suggesting contacting Tencent Cloud
How to use Tencent Cloud Lightweight Application Server Tutorial for Using Tencent Cloud Lightweight Application Server
Mar 05, 2025 am 11:16 AM
This guide details using Tencent Cloud Lightweight Application Servers (LAS). It covers account setup, instance creation (specifying region, configuration, image, security, and storage), and application deployment. Key features include cost-effecti
Tutorial on the mobile version of Tencent Cloud to cancel the account without real name
Mar 05, 2025 am 11:20 AM
Deleting unregistered Tencent Cloud mobile accounts is impossible without verification. The article explains why account deletion requires verification and details how uninstalling the associated app is the most effective workaround to sever the app
What to do if the windows installation error is not started?
Mar 05, 2025 am 11:19 AM
This article addresses common Windows installation and boot errors. It details troubleshooting steps for issues like corrupted media, hardware problems, driver conflicts, partitioning errors, BIOS settings, and software conflicts. Solutions include
Recommended Windows Operation and Maintenance Tools What are the Windows Operation and Maintenance Software?
Mar 05, 2025 am 11:15 AM
This article reviews free and paid Windows server administration tools. It compares built-in options like Server Manager & PowerShell with commercial solutions such as SolarWinds and Microsoft System Center, emphasizing the trade-offs between co
What are the main tasks of Windows Operation and Maintenance Engineers
Mar 05, 2025 am 11:14 AM
This article details the key responsibilities and essential skills of a Windows systems administrator. It covers system installation/configuration, monitoring/troubleshooting, security management, backup/recovery, patch management, automation, and u
