显示过滤器

显示过滤器

语法说明:
比较操作符 == != > < >= <=
逻辑操作符 and or xor not
ip地址: ip.addr ip.src ip.dst
端口过滤: tcp.port  tcp.srcport  tcp.flag.syn  tcp.flag.ack
协议过滤器: arp ip icmp udp bootp dns


实例演示

http.host contains "gyarmy.com"

过滤IP地址案例
ip.addr == 192.168.1.100
ip.src == 192.168.100
ip.dst == 192.168.1.100
ip.src == 192.168.1.100 and ip.dst == 58.221.15.135

过滤端口案例
tcp.port == 80
tcp.srcport == 80
tcp.dstport == 80
tcp.flag.syn == 1

过滤协议案例
arp
tcp
ucp
not http
not arp

综合案例
ip.src == 192.168.1.100 and tcp dstport == 80

ip.addr == 192.168.1.106 and udp.port == 4000


http.host contains "jd.com" && http.request.method == "POST"

原文链接: 显示过滤器 版权所有,转载时请注明出处,违者必究。
注明出处格式:流沙团 ( https://gyarmy.com/post-46.html )

发表评论

0则评论给“显示过滤器”