Wireshark
Usage tips
1. Packets exported from IXIA should be saved as .pcap, not the default .cap, otherwise Wireshark cannot open them
Filtering
1. Filter all packets whose (source or destination) IP = 115.239.211.112
2. Filter all packets whose (source or destination) MAC = FF:FF:FF:FF:FF:FF
3. Filter all ARP packets
4. Ethernet address filter?
5. Filter DNS packets by domain name (www.baidu.com)?
6. Filter HTTP packets by domain name (www.163.com)?
7. Save only the filtered packets to a file?
8. Filter source/destination IP = x?
9. How to write the relational operator "and"?
Usage tips
1. Packets exported from IXIA should be saved as .pcap, not the default .cap, otherwise Wireshark cannot open them
Filtering
Filtering methods
1. Filter all packets whose (source or destination) IP = 115.239.211.112
ip.addr == 115.239.211.112
2. Filter all packets whose (source or destination) MAC = FF:FF:FF:FF:FF:FF
eth.addr == FF:FF:FF:FF:FF:FF
3. Filter all ARP packets
eth.type == 0x0806
4. Ethernet address filter?
eth.dst == 08:00:27:2c:ce:5c
eth.src == 08:00:27:2c:ce:5c
eth.type == 0x0800
5. Filter DNS packets by domain name (www.baidu.com)?
dns.qry.name == www.baidu.com
6. Filter HTTP packets by domain name (www.163.com)?
http.host == www.163.com
7. Save only the filtered packets to a file?
Apply the filter
Select the packets, right-click, Mark
File, Save As, Packet Range - older Wireshark versions
File, Export Specified Packets, Marked packets - newer Wireshark versions
8. Filter source/destination IP = x?
ip.dst == 224.0.0.2
ip.src == 5.5.5.1
9. How to write the relational operator "and"?
ldp and ip.addr == 5.5.5.100
ldp && ip.addr == 5.5.5.100
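Added example (not part of the original notes, and not Wireshark code): a small Python emulation of the eth.*/ip.* filters above, run over a few constructed Ethernet/IPv4/ARP frames, to show why ip.addr and eth.addr match either direction while ip.src/ip.dst/eth.src/eth.dst match one, and how terms joined with "and" combine. Frame contents, MAC addresses and the helper names are assumptions made up for the demo.

```python
import socket
import struct

def mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)

def parse_frame(frame: bytes) -> dict:
    """Extract the header fields the display filters above refer to."""
    dst, src, etype = struct.unpack("!6s6sH", frame[:14])
    fields = {"eth.dst": mac(dst), "eth.src": mac(src), "eth.type": etype}
    if etype == 0x0800 and len(frame) >= 34:     # IPv4: src/dst at byte offsets 26..33
        ip_src, ip_dst = struct.unpack("!4s4s", frame[26:34])
        fields["ip.src"] = socket.inet_ntoa(ip_src)
        fields["ip.dst"] = socket.inet_ntoa(ip_dst)
    return fields

def matches(fields: dict, name: str, value) -> bool:
    """Emulate `name == value`; ip.addr / eth.addr match either source or destination."""
    if name == "ip.addr":
        return value in (fields.get("ip.src"), fields.get("ip.dst"))
    if name == "eth.addr":
        return value.lower() in (fields["eth.src"], fields["eth.dst"])
    if name in ("eth.src", "eth.dst"):
        return fields[name] == value.lower()
    return fields.get(name) == value                 # ip.src, ip.dst, eth.type

def apply_filter(frames: list, *terms) -> list:
    """Indices of frames satisfying every (name, value) term, i.e. terms joined by `and`."""
    return [i for i, f in enumerate(frames)
            if all(matches(parse_frame(f), n, v) for n, v in terms)]

# --- constructed sample frames (made up for this demo, not from a real capture) ---
def build_frame(dst_mac, src_mac, etype, ip_src=None, ip_dst=None) -> bytes:
    hdr = (bytes.fromhex(dst_mac.replace(":", "")) + bytes.fromhex(src_mac.replace(":", ""))
           + struct.pack("!H", etype))
    if etype == 0x0800:   # minimal IPv4 header; checksum left zero, the frame is never sent
        return hdr + struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 17, 0,
                                 socket.inet_aton(ip_src), socket.inet_aton(ip_dst))
    return hdr + bytes(28)  # ARP payload placeholder

FRAMES = [
    build_frame("08:00:27:2c:ce:5c", "00:11:22:33:44:55", 0x0800, "5.5.5.1", "115.239.211.112"),
    build_frame("00:11:22:33:44:55", "08:00:27:2c:ce:5c", 0x0800, "115.239.211.112", "5.5.5.1"),
    build_frame("ff:ff:ff:ff:ff:ff", "00:11:22:33:44:55", 0x0806),
    build_frame("00:11:22:33:44:55", "08:00:27:2c:ce:5c", 0x0800, "5.5.5.100", "224.0.0.2"),
]

if __name__ == "__main__":
    print("ip.addr == 115.239.211.112 ->", apply_filter(FRAMES, ("ip.addr", "115.239.211.112")))
    print("ip.src == 5.5.5.1          ->", apply_filter(FRAMES, ("ip.src", "5.5.5.1")))
    print("eth.type == 0x0806         ->", apply_filter(FRAMES, ("eth.type", 0x0806)))
```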