Wireshark: Difference between revisions
→Wireshark Common Filters
Line 11:
<br />
== Wireshark Common Filters ==
* Operators:
More Details: [https://www.wireshark.org/docs/dfref/ Reference]▼
Equal (any if more than one)
eq
any_eq
==
ip.src == 10.0.0.5
Not equal (all if more than one)
ne
all_ne
!=
ip.src != 10.0.0.5
Equal (all if more than one)
all_eq
===
ip.src === 10.0.0.5
Not equal (any if more than one)
any_ne
!==
ip.src !== 10.0.0.5
Greater than
gt
>
frame.len > 10
Less than
lt
<
frame.len < 128
Greater than or equal to
ge
>=
frame.len ge 0x100
Less than or equal to
le
<=
frame.len <= 0x20
Protocol, field or slice contains a value
contains
sip.To contains "a1762"
Protocol or text field matches a Perl-compatible regular expression
matches
~
http.host matches "acme\\.(org|com|net)"
▲* More Details: [https://www.wireshark.org/docs/dfref/ Reference]
{| class="wikitable"
|