WireShark: Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
| Zeile 9: | Zeile 9: | ||
* Substring: eth.src[:4] == 00:00:83:00 | * Substring: eth.src[:4] == 00:00:83:00 | ||
* String: http.request.uri == "https://www.wireshark.org/" | * String: http.request.uri == "https://www.wireshark.org/" | ||
== Verknüpfung von Bedingungen: == | |||
* or || | |||
* and: && | |||
** ip.src==10.0.0.5 and tcp.flags.fin | |||
* xor: ^^ | |||
== Felder: == | == Felder: == | ||
Version vom 26. Juni 2015, 06:31 Uhr
Installation
- fedora (alt): wireshark-gnome (wegen GUI)
Filter Beispiele
- Empfänger oder Sender: ip.addr == 1.2.3.4
- ip.src==10.0.0.5
- ! (ip.addr = 1.2.3.4)
- Substring: eth.src[:4] == 00:00:83:00
- String: http.request.uri == "https://www.wireshark.org/"
Verknüpfung von Bedingungen:
- or ||
- and: &&
- ip.src==10.0.0.5 and tcp.flags.fin
- xor: ^^
Felder:
- ip (IPv4): addr, dst, flags, host (Src || Dest), len, proto, src, tos (type of service)
- tcp: dstport, flags, flags.fin, flags.syn, hdr_len, len (segment len), port, seq, srcport,
- eth Ethernet): addr, dst, len, src