Wireshark filter settings
http.host == "163.com"
or http.host contains "163.com", which works better
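An added example (not part of the original notes) that emulates in Python how an exact match and a substring match behave on the Host header value, next to an anchored pattern comparable to what Wireshark's case-insensitive `matches` operator allows. The requests are constructed sample data, and the function names and the anchored pattern are assumptions made for illustration.

```python
import re

# Constructed HTTP requests (sample data, not captured traffic).
SAMPLE_REQUESTS = [
    b"GET / HTTP/1.1\r\nHost: 163.com\r\n\r\n",
    b"GET /news HTTP/1.1\r\nHost: www.163.com\r\nUser-Agent: x\r\n\r\n",
    b"GET / HTTP/1.1\r\nhost: mail.163.com:8080\r\n\r\n",
    b"GET / HTTP/1.1\r\nHost: 163.com.example.net\r\n\r\n",
    b"GET / HTTP/1.1\r\nHost: WWW.163.COM\r\n\r\n",
]

def host_header(raw):
    """Return the Host header value of a raw HTTP request, or None."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    for line in head.split("\r\n")[1:]:          # skip the request line
        name, sep, value = line.partition(":")   # split at the first colon only
        if sep and name.strip().lower() == "host":
            return value.strip()                 # value keeps any :port suffix
    return None

def match_eq(host, needle="163.com"):
    """Exact, case-sensitive comparison (the == form)."""
    return host == needle

def match_contains(host, needle="163.com"):
    """Case-sensitive substring test (the contains form)."""
    return needle in host

# Assumed pattern: 163.com or any subdomain, optional port, nothing after it.
ANCHORED = re.compile(r"([a-z0-9-]+\.)*163\.com(:\d+)?", re.IGNORECASE)

def match_anchored(host):
    """Whole-value, case-insensitive regular-expression match."""
    return ANCHORED.fullmatch(host) is not None

def compare(requests=SAMPLE_REQUESTS):
    """Return (host, eq, contains, anchored) for every request."""
    rows = []
    for raw in requests:
        host = host_header(raw) or ""
        rows.append((host, match_eq(host), match_contains(host),
                     match_anchored(host)))
    return rows

if __name__ == "__main__":
    for row in compare():
        print(row)
```

The exact match only catches the bare domain; the substring match also catches subdomains, but it misses upper-case Host values and also hits names that merely embed the string, such as 163.com.example.net.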
1. Set a capture filter right from the start; I do not need to capture every packet.
Capture -> Options -> Capture Filter:
dst host www.163.com    (or: ip host www.163.com)
or even both together (though it makes no real difference):
ip host www.163.com or dst host www.163.com
2. Then set a display filter:
http contains "user"

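!(tcp.port==3389)    exclude RDP traffic
tcp.flags.syn==1    TCP packets with the SYN flag set
tcp.flags.rst==1    TCP packets with the RST flag set
!arp    exclude ARP traffic
http    all HTTP traffic
tcp.port==23||tcp.port==21    text-based management traffic (Telnet, FTP)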
host danmu.douyu.com
Display filter
tcp.port==12602||tcp.port==12604||tcp.port==8601||tcp.port==12603||tcp.port==12601||tcp.port==8602
Douyu-related:
119.90.49.92 8060
ip.addr == 119.90.49.91
843
danmu.douyu.com 12602
danmu.douyu.com 12604
danmu.douyu.com 8601
danmu.douyu.com 12603
danmu.douyu.com 8602
danmu.douyu.com 12601
125.39.58.101
8095 3822
119.90.49.89
tcp.stream eq 47
douyucdn.cn
shark.douyucdn.cn
passport.douyu.com
host danmu.douyu.com
Display filters
Filter danmaku (bullet-comment) traffic
tcp.port==12602||tcp.port==12604||tcp.port==8601||tcp.port==12603||tcp.port==12601||tcp.port==8602
Filter leaderboard (ranking) traffic
tcp.port==8060||tcp.port==8036||tcp.port==8079||tcp.port==8066||tcp.port==8002||tcp.port==8042||
tcp.port==8037||tcp.port==8055||tcp.port==8093||tcp.port==8006||tcp.port==8051||tcp.port==8045||
tcp.port==8035||tcp.port==8071||tcp.port==8058||tcp.port==8018||tcp.port==8057||tcp.port==8099||
tcp.port==8002||tcp.port==8085||tcp.port==8005||tcp.port==8056||tcp.port==8016||tcp.port==8020||
tcp.port==8061||tcp.port==8023||tcp.port==8089||tcp.port==8092||tcp.port==8003||tcp.port==8007||tcp.port==8064||tcp.port==8032
ip.addr == 119.90.49.107||ip.addr == 119.90.49.92||ip.addr == 119.90.49.86||ip.addr == 119.90.49.102||ip.addr == 119.90.49.105||
ip.addr == 119.90.49.89||ip.addr == 119.90.49.101||ip.addr == 119.90.49.95||ip.addr == 119.90.49.87||ip.addr == 119.90.49.88||
ip.addr == 119.90.49.94||ip.addr == 119.90.49.109||ip.addr == 119.90.49.91||ip.addr == 119.90.49.110||ip.addr == 119.90.49.90
ip.addr == 60.2.95.163