Wireshark filters
https://www.cnblogs.com/nmap/p/6291683.html
https://www.wireshark.org/docs/wsug_html_chunked/ChWorkBuildDisplayFilterSection.html#DispCompOps
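ip.src==172.16.210.99 && ip.dst==23.40.192.137 shows only one direction of the conversation
(ip.src==172.16.163.72 or ip.dst==172.16.163.72) shows the traffic in both directions
(ip.src==121.40.43.188 or ip.dst==121.40.43.188) filters the traffic to and from cnblogs (博客园); the IP address can be obtained with nslookup cnblogs.com
In Wireshark you can set the filter to "ssl.handshake.type == 13" to look specifically for the certificate_request message in Server Hello. Wireshark 3.0 and later name this field tls.handshake.type.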
https://ask.wireshark.org/question/1299/how-to-save-filtered-packets/
Saving the filtered results to a separate file
I want to save the 688 TCP error packets to a separate file. I opened "File > Export Specific Packets" and selected "All packets" and "Displayed", then saved to a pcapng file.
(ip.src==172.31.211.120 or ip.dst==172.31.211.120) shows the traffic in both directions
https://www.thegeekstuff.com/2012/07/wireshark-filter/
To filter on protocol and IP at the same time, join the two conditions with && (two ampersands)
tds && (ip.src==172.31.211.120 or ip.dst==172.31.211.120)
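The filters above and the "Export Specific Packets > Displayed" step, as a command-line sketch added here (not part of the original notes). The function names and the file names in the usage comment are made up for illustration; it assumes tshark is installed for the export step.

```shell
#!/bin/sh
# Added example: build the display filters from these notes and export the
# matching packets with tshark instead of File > Export Specific Packets.
# Usage (hypothetical file names):
#   f=$(proto_host_filter tds 172.31.211.120) && export_displayed in.pcapng out.pcapng "$f"

# True only for a dotted-quad IPv4 address with octets 0-255. Values are pasted
# into a filter expression, so anything else is rejected rather than passed on.
is_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    rest=$1.
    count=0
    while [ -n "$rest" ]; do
        octet=${rest%%.*}
        rest=${rest#*.}
        count=$((count + 1))
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    [ "$count" -eq 4 ]
}

# Both directions for one host: (ip.src==X or ip.dst==X)
host_filter() {
    is_ipv4 "$1" || { echo "bad IPv4 address: $1" >&2; return 1; }
    printf '(ip.src==%s or ip.dst==%s)' "$1" "$1"
}

# One direction only: packets sent from $1 to $2
oneway_filter() {
    is_ipv4 "$1" && is_ipv4 "$2" || { echo "bad IPv4 address" >&2; return 1; }
    printf 'ip.src==%s && ip.dst==%s' "$1" "$2"
}

# Protocol and host together, joined with && as in the tds filter
proto_host_filter() {
    case "$1" in
        ""|*[!a-z0-9_.-]*) echo "bad protocol name: $1" >&2; return 1 ;;
    esac
    h=$(host_filter "$2") || return 1
    printf '%s && %s' "$1" "$h"
}

# Read capture $1, keep packets matching display filter $3, write them to $2
export_displayed() {
    command -v tshark >/dev/null 2>&1 || { echo "tshark not found" >&2; return 127; }
    tshark -r "$1" -Y "$3" -w "$2"
}
```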