The Wireshark captures a specified IP address

Filter: The Wireshark filters packets that pass the specified IP address.

Display filtering can completely reproduce the network environment at the time of the test, but will result in a large capture file and memory footprint.

Ip.addr ==192.168.1.1 // Displays all packets whose destination or source address is 192.168.1.1
Ip. DST ==192.168.1.1 // Displays the packets whose destination address is 192.168.1.1
Ip. SRC ==192.168.1.1 // Displays packets whose source IP address is 192.168.1.1
Addr == 80:f6:2e:ce:3f:00 // Filter by MAC address,
Ip. SRC ==192.168.0.0/16 // Filter a network segment

Capture filter: The Wireshark captures the packets that pass through the specified IP address.

Capture filter Set this parameter in Capture Option to capture only packets that meet the requirements. This avoids large capture files and memory consumption, but cannot completely reproduce the network environment during the test.

Host 192.168.1.1 // Captures all data packets received and sent by 192.168.1.1
SRC host 192.168.1.1 // Source IP address, 192.168.1.1 all packets sent
DST host 192.168.1.1 // Destination IP address, 192.168.1.1 All packets received
SRC host hostname // Filter by hostname
Ether host 80:05:09:03:E4:35 // Filter by MAC address
Net 192.168.1 // Network filtering, filtering the entire network segment
The SRC.net 192.168
dst net 192

Using not/and/or to create a combined filter condition can get more accurate capture:

A:! Or “not” (remove double quotation marks)
And: && or “and”
Or: | | the or “or”

Wirershark Example for filtering packets sent and received from a specified IP address:

Fetch all TCP data whose destination address is 192.168.1.2 or 192.168.1.3 is port 80

(TCP port 80) and ((DST host 192.168.1.2) or (DST host 192.168.1.3)) // Capture filtering

TCP port = = 80 && (IP) DST = = 192.168.1.2 instead | | IP. DST = = 192.168.1.3)/filter/show

Capture all ICMP data of destination MAC address 80:05:09:03:E4:35

(icmp) and ((ether dst host 80:05:09:03:E4:35))

icmp && eth.dst==80:05:09:03:E4:35

Fetch all TCP data whose destination network is 192.168, but whose destination host is not 192.168.1.2

(tcp) and ((dst net 192.168) and (not dst host 192.168.1.2))

TCP && IP. SRC = = 192.168.0.0/16 &&! (IP. SRC = = 192.168.1.2 instead)

Capture the communication between host 192.168.1.1 and host 192.168.1.2 or 192.168.1.3

Host 192.168.1.1 and (192.168.1.2 or 192.168.1.3)

. IP addr = = 192.168.1.1 && (IP) addr = = 192.168.1.2 instead | | IP. Addr = = 192.168.1.3)

Obtain the data packets of all hosts 192.168.1.1 except 192.168.1.2

The host 192.168.1.1 and! 192.168.1.2 instead

IP addr = = 192.168.1.1 &&! IP addr = = 192.168.1.2 instead

Obtain the Telnet packets received or sent by host 192.168.1.1 using TCP port 23

TCP port 23 and host 192.168.1.1

TCP. 23 && IP port = =. Addr = = 192.168.1.1

The Wireshark captures a specified IP address

Filter: The Wireshark filters packets that pass the specified IP address.

Capture filter: The Wireshark captures the packets that pass through the specified IP address.

Using not/and/or to create a combined filter condition can get more accurate capture:

Wirershark Example for filtering packets sent and received from a specified IP address:

Related Posts

Spring integration RabbitMQ tutorial

Interviewer: How to query tens of millions of data through MyBatis and ensure that the memory does not overflow?

The basic structure of FLASK framework is understood in this paper