WireShark: Difference between revisions

From Info-Theke
Revision as of 26 June 2015, 06:39

Installation

  • fedora (old): wireshark-gnome (for the GUI)

Filter examples

  • Receiver or sender: ip.addr == 1.2.3.4
  • ip.src==10.0.0.5
  • ! (ip.addr == 1.2.3.4)
  • Substring: eth.src[:4] == 00:00:83:00
  • String: http.request.uri == "https://www.wireshark.org/"

Combining conditions:

  • or: ||
  • and: &&
    • ip.src==10.0.0.5 and tcp.flags.fin == 1 (the bare field name tcp.flags.fin only tests that the field is present, so on its own it would match every TCP segment)
  • xor: ^^
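To make the operator semantics above concrete, here is an added example (not from the Info-Theke page or the Wireshark project): a small Python evaluator for this filter subset, run against a constructed packet. It models the "any value" matching of composite fields such as ip.addr, which is why `! (ip.addr == X)` and `ip.addr != X` give different results, and why a bare `tcp.flags.fin` matches a segment whose FIN bit is clear. Field values and literals are simplified to strings, and the `[:n]` slice is applied to colon-separated byte strings only.

```python
import re

# Composite fields Wireshark expands to "either direction" (src OR dst).
EITHER = {"ip.addr": ("ip.src", "ip.dst"), "tcp.port": ("tcp.srcport", "tcp.dstport"),
          "eth.addr": ("eth.src", "eth.dst")}
KEYWORDS = {"and": "&&", "or": "||", "xor": "^^", "not": "!", "eq": "==", "ne": "!="}
TOKEN = re.compile(r'\s*(\(|\)|!=|==|!|&&|\|\||\^\^|"[^"]*"|[\w.]*:[\w.:]+|[a-z_][\w.]*(?:\[:\d+\])?|[\w.:]+)')

def field_values(pkt, name):
    """All values of a field in pkt; composites expand, [:n] keeps the first n bytes."""
    base, n = re.fullmatch(r"([\w.]+)(?:\[:(\d+)\])?", name).groups()
    vals = [pkt[f] for f in EITHER.get(base, (base,)) if f in pkt]
    return [":".join(v.split(":")[:int(n)]) for v in vals] if n else vals

def matches(expr, pkt):
    """Evaluate a Wireshark-style display filter string against one packet dict."""
    toks = [KEYWORDS.get(t, t) for t in TOKEN.findall(expr)] + [""]  # "" marks the end
    def comparison():
        vals = field_values(pkt, toks.pop(0))
        if toks[0] in ("==", "!="):
            op, lit = toks.pop(0), toks.pop(0).strip('"')
            # "Any value" semantics (Wireshark before 4.0): ip.addr != X holds when
            # either src or dst differs, which is rarely what the analyst meant.
            return any((v == lit) == (op == "==") for v in vals)
        return bool(vals)  # bare field name only tests that the field is present
    def factor():
        if toks[0] == "!":
            toks.pop(0)
            return not factor()
        if toks[0] == "(":
            toks.pop(0)
            inner = expr()
            toks.pop(0)  # the closing ")"
            return inner
        return comparison()
    def term():
        result = factor()
        while toks[0] == "&&":
            toks.pop(0)
            result = factor() and result  # call factor() first so tokens are consumed
        return result
    def expr():
        result = term()
        while toks[0] in ("||", "^^"):
            op, rhs = toks.pop(0), term()
            result = (result != rhs) if op == "^^" else (result or rhs)
        return result
    return expr()

# Constructed sample packet (not from a real capture): a TCP segment with FIN clear.
PKT = {"ip.src": "10.0.0.5", "ip.dst": "1.2.3.4", "tcp.srcport": "443",
       "tcp.dstport": "51000", "tcp.flags.fin": "0", "eth.src": "00:00:83:00:aa:bb"}
```

Calling matches("ip.addr != 1.2.3.4", PKT) returns True although the packet does involve 1.2.3.4, while matches("! (ip.addr == 1.2.3.4)", PKT) returns False; the negated-equality form is the one to use when excluding a host.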

Fields:

  • ip (IPv4):
    • addr
    • dst
    • flags
    • host (Src || Dest)
    • len
    • proto
    • src
    • tos (type of service)
  • tcp (Transmission Control Protocol):
    • dstport
    • flags, flags.fin, flags.syn
    • hdr_len
    • len (segment len)
    • port
    • seq
    • srcport
  • eth (Ethernet):
    • addr
    • dst
    • len
    • src
  • http (HTTP, Hypertext Transfer Protocol):
    • connection
    • content_length
    • content_type
    • cookie, cookie_pair
    • host
    • referer
    • request, request.method, request.uri
    • response, response.code (status code)
    • server