Wireshark: Difference between revisions

<br />
<br />


== Wireshark Common Filters ==


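* Operators:

{| class="wikitable"
! Description
! Operator forms
! Example
|-
| Equal (any if more than one)
| <nowiki>eq, any_eq, ==</nowiki>
| <nowiki>ip.src == 10.0.0.5</nowiki>
|-
| Not equal (all if more than one)
| <nowiki>ne, all_ne, !=</nowiki>
| <nowiki>ip.src != 10.0.0.5</nowiki>
|-
| Equal (all if more than one)
| <nowiki>all_eq, ===</nowiki>
| <nowiki>ip.src === 10.0.0.5</nowiki>
|-
| Not equal (any if more than one)
| <nowiki>any_ne, !==</nowiki>
| <nowiki>ip.src !== 10.0.0.5</nowiki>
|-
| Greater than
| <nowiki>gt, ></nowiki>
| <nowiki>frame.len > 10</nowiki>
|-
| Less than
| <nowiki>lt, <</nowiki>
| <nowiki>frame.len < 128</nowiki>
|-
| Greater than or equal to
| <nowiki>ge, >=</nowiki>
| <nowiki>frame.len ge 0x100</nowiki>
|-
| Less than or equal to
| <nowiki>le, <=</nowiki>
| <nowiki>frame.len <= 0x20</nowiki>
|-
| Protocol, field or slice contains a value
| <nowiki>contains</nowiki>
| <nowiki>sip.To contains "a1762"</nowiki>
|-
| Protocol or text field matches a Perl-compatible regular expression
| <nowiki>matches, ~</nowiki>
| <nowiki>http.host matches "acme\\.(org|com|net)"</nowiki>
|}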




* More Details: [https://www.wireshark.org/docs/dfref/ Reference]
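
The "any" and "all" wording in the equality rows matters for fields that occur more than once in a packet, such as <code>ip.addr</code> (source and destination). The following is an added example, not part of the original page: a small Python model of the four operators over constructed sample packets. It assumes that a comparison on an absent field is false.

```python
# Added illustration: models how ==, !=, === and !== quantify over a field
# that occurs more than once in one packet (e.g. ip.addr = source + destination).
# PACKETS is constructed sample data, not taken from a capture.

def any_eq(values, x):
    """== / eq: at least one occurrence equals x."""
    return any(v == x for v in values)

def all_ne(values, x):
    """!= / ne: the field is present and every occurrence differs from x."""
    return bool(values) and all(v != x for v in values)

def all_eq(values, x):
    """===: the field is present and every occurrence equals x."""
    return bool(values) and all(v == x for v in values)

def any_ne(values, x):
    """!==: at least one occurrence differs from x."""
    return any(v != x for v in values)

# Each entry lists the ip.addr values of one packet: [source, destination].
PACKETS = {
    "to_host":   ["10.0.0.9", "10.0.0.5"],
    "from_host": ["10.0.0.5", "8.8.8.8"],
    "unrelated": ["10.0.0.9", "8.8.8.8"],
    "self_talk": ["10.0.0.5", "10.0.0.5"],
    "arp":       [],  # no IP layer, so the field is absent
}

def matching(op, x):
    """Names of the sample packets that the operator would display."""
    return [name for name, values in PACKETS.items() if op(values, x)]

if __name__ == "__main__":
    host = "10.0.0.5"
    for label, op in [("ip.addr ==", any_eq), ("ip.addr !=", all_ne),
                      ("ip.addr ===", all_eq), ("ip.addr !==", any_ne)]:
        print(f"{label} {host}: {matching(op, host)}")
```

When excluding a host during triage, <code>!=</code> hides every packet that touches it, while <code>!==</code> still shows packets where only one side is that host.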


{| class="wikitable"
{| class="wikitable"