| 不管端口是来源还是目标 | tcp.port eq 80 |
| 过滤来源是某个ip | ip.src eq 192.168.60.122 |
| 过滤目标ip | ip.dst eq 192.168.1.107 |
| 不区分是源还是目标 | ip.dst eq 192.168.1.107 |
| tcp的目标端口 | tcp.dstport == 80 |
| 端口范围过滤 | tcp.port >= 1 and tcp.port <= 80 |
| 过滤目标mac | eth.dst == A0:00:00:04:C5:84 |
| 过滤来源mac | eth.src eq A0:00:00:04:C5:84 |
| 等于 | eq |
| 大于 | gt |
| 大于等于 | ge |
| 不等 | ne |
| 包长过滤 | udp.length == 26 |
| tcp包长度 | tcp.len >= 7 |
| 数据包长度 | frame.len == 119 |
| http请求方式 | http.request.method == “GET” |
| http的uri | http.request.uri == “/img/logo-edu.gif” |
| get包 | http.request.method == “GET” && http contains "User-Agent: " |
| post包 | http.request.method == “POST” && http contains "User-Agent: " |
| 响应包 | http contains “HTTP/1.1 200 OK” && http contains "Content-Type: " |
浙公网安备 33010602011771号