流沙团
Display Filters
2016-6-30 流沙团



Syntax:

Comparison operators: == != > < >= <=

Logical operators: and or xor not

IP address: ip.addr ip.src ip.dst

Port filters: tcp.port  tcp.srcport  tcp.flags.syn  tcp.flags.ack

Protocol filters: arp ip icmp udp bootp dns





Examples



http.host contains "gyarmy.com"



IP address filter examples

ip.addr == 192.168.1.100

ip.src == 192.168.1.100

ip.dst == 192.168.1.100

ip.src == 192.168.1.100 and ip.dst == 58.221.15.135



Port filter examples

tcp.port == 80

tcp.srcport == 80

tcp.dstport == 80

tcp.flags.syn == 1



Protocol filter examples

arp

tcp

udp

not http

not arp



Combined examples

ip.src == 192.168.1.100 and tcp.dstport == 80


ip.addr == 192.168.1.106 and udp.port == 4000







http.host contains "jd.com" && http.request.method == "POST"
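
To show why ip.addr and tcp.port match traffic in either direction while ip.src/ip.dst and tcp.srcport/tcp.dstport match only one side, here is a small Python model of display-filter evaluation, added as an example (it is not Wireshark's code and not from the original post). It covers only ==, >, <, >=, <=, contains, and/or/not; the packets, the packet() and select() helpers and the 10.0.0.5 address are constructed for illustration.

```python
import operator
import re

TOKEN = re.compile(r'"[^"]*"|==|>=|<=|&&|\|\||[<>!]|[\w.]+')
CMP = {"==": operator.eq, ">": operator.gt, "<": operator.lt, ">=": operator.ge,
       "<=": operator.le, "contains": lambda field, text: text in field}

def packet(src, dst, proto, sport, dport, host=None):
    # Constructed packet as {field: [values]}; ip.addr and <proto>.port hold both ends.
    return {"ip": [True], proto: [True], "ip.src": [src], "ip.dst": [dst],
            "ip.addr": [src, dst], proto + ".srcport": [sport],
            proto + ".dstport": [dport], proto + ".port": [sport, dport],
            "http": [True] if host else [], "http.host": [host] if host else []}

PACKETS = [  # constructed sample traffic, not a real capture
    packet("192.168.1.100", "58.221.15.135", "tcp", 51000, 80, "www.gyarmy.com"),
    packet("58.221.15.135", "192.168.1.100", "tcp", 80, 51000),
    packet("192.168.1.106", "10.0.0.5", "udp", 4000, 53),
]

def matches(filt, pkt):
    """Evaluate a filter subset; a multi-valued field matches if any value does."""
    toks = TOKEN.findall(filt) + [None]  # None marks end of input
    def chain(parse, words, join):  # left-associative "a <word> b <word> c"
        value = parse()
        while toks[0] in words:
            toks.pop(0)
            value = join(value, parse())
        return value
    def term():  # "and" binds tighter than "or"
        return chain(factor, ("and", "&&"), operator.and_)
    def factor():
        tok = toks.pop(0)
        if tok is None:
            raise ValueError("filter ends where a field is expected")
        if tok in ("not", "!"):
            return not factor()
        values = pkt.get(tok, [])
        if toks[0] in CMP and toks[1] is not None:
            op, rhs = CMP[toks.pop(0)], toks.pop(0)
            rhs = rhs[1:-1] if rhs[0] == '"' else int(rhs) if rhs.isdigit() else rhs
            return any(type(v) is type(rhs) and op(v, rhs) for v in values)
        return bool(values)  # bare field or protocol name: presence test
    result = chain(term, ("or", "||"), operator.or_)
    if toks != [None]:
        raise ValueError("cannot parse filter near %r" % toks[0])
    return result

def select(filt):
    return [i for i, p in enumerate(PACKETS) if matches(filt, p)]
```

select('ip.addr == 192.168.1.100') returns packets 0 and 1 (request and reply), while select('ip.src == 192.168.1.100') returns only packet 0.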
