WireShark
Installation
- fedora (alt): wireshark-gnome (wegen GUI)
Filter Beispiele
- Corba Protokoll: GPIO
- Empfänger oder Sender: ip.addr == 1.2.3.4
- ip.src==10.0.0.5
- ! (ip.addr = 1.2.3.4)
- Substring: eth.src[:4] == 00:00:83:00
- String: http.request.uri == "https://www.wireshark.org/"
Verknüpfung von Bedingungen:
- or ||
- and: &&
- ip.src==10.0.0.5 and tcp.flags.fin
- xor: ^^
Felder:
- ip (IPv4):
- addr
- dst
- flags
- host (Src || Dest)
- len
- proto
- src, tos (type of service)
- tcp (Transmission Control Protocol):
- dstport
- flags, flags.fin, flags.syn
- hdr_len
- len (segment len)
- port
- seq
- srcport,
- eth (Ethernet):
- addr
- dst
- len
- src
- http (HTTP Hyper Text Transmission Protocol)
- connection
- content_length
- content_type
- cookie, cookie_pait
- host
- referer
- request, request.method, request.uri
- response, response.code (status code)
- server