Wireshark

An overview of the

This topic describes common wireshark Settings

Commonly used display filters

Ip.addr eq 10.1.1.1 # Filter the packets whose source and destination IP addresses are 10.1.1.1 tcp.port eq 443 # Filter the packets whose source and destination IP addresses are 443

And/or usage

Two display filters can be connected by and or OR, with AND indicating that two or more are matched at the same time, and or indicating the meaning of or

Capture filter

If you want to capture only packets from a certain IP address, you can set a capture filter, as shown in the following figure

Set the packet capture size of the capture filter

If you need to capture packets for a long time, you need to set a capture filter. Usually, only the first 150 bytes of a packet can be captured and a file can be saved every 100MB. The following describes how to set the filter.

Only the first 150 bytes are captured in each packet
Save one file every 100MB

Create a file name, as shown in the figure above. The captured file will be automatically named capture_00018_20181111100841

An overview of the

Commonly used display filters

And/or usage

Capture filter

Set the packet capture size of the capture filter

Related Posts

【 Tick notes 】 Definitely worth your spring notes collection

From non-mainstream to mainstream – STATION B

The mPaaS plugin is officially on Jetbrains Market Place