Display Filters
Syntax:
Comparison operators: == != > < >= <=
Logical operators: and or xor not
IP address: ip.addr ip.src ip.dst
Port filters: tcp.port tcp.srcport tcp.flags.syn tcp.flags.ack
Protocol filters: arp ip icmp udp bootp dns
Examples
http.host contains "gyarmy.com"
IP address filter examples
ip.addr == 192.168.1.100
ip.src == 192.168.1.100
ip.dst == 192.168.1.100
ip.src == 192.168.1.100 and ip.dst == 58.221.15.135
Port filter examples
tcp.port == 80
tcp.srcport == 80
tcp.dstport == 80
tcp.flags.syn == 1
Protocol filter examples
arp
tcp
udp
not http
not arp
Combined examples
ip.src == 192.168.1.100 and tcp.dstport == 80
ip.addr == 192.168.1.106 and udp.port == 4000
http.host contains "jd.com" && http.request.method == "POST"