You can combine filter expressions in Wireshark using the logical operators shown in Table 6.5,
“Display Filter Logical Operations”.
Table 6.5. Display Filter Logical Operations

English  C-like  Description and example
and      &&      Logical AND
                 ip.addr==10.0.0.5 and tcp.flags.fin
or       ||      Logical OR
                 ip.addr==10.0.0.5 or ip.addr==192.1.1.1
xor      ^^      Logical XOR
                 tr.dst[0:3] == 0.6.29 xor tr.src[0:3] == 0.6.29
not      !       Logical NOT
                 not llc
[...]
Substring Operator
Wireshark allows you to select subsequences of a sequence in rather elaborate ways. After a label you can place a pair of brackets [] containing a comma separated list of range specifiers.
eth.src[0:3] == 00:00:83
The example above uses the n:m format to specify a single range. In this case n is the beginning offset and m is the length of the range being specified.
eth.src[1-2] == 00:83
The example above uses the n-m format to specify a single range. In this case n is the beginning offset and m is the ending offset.
eth.src[:4] == 00:00:83:00
The example above uses the :m format, which takes everything from the beginning of a sequence to offset m. It is equivalent to 0:m.
eth.src[4:] == 20:20
The example above uses the n: format, which takes everything from offset n to the end of the sequence.
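As an added worked example (not code from the Wireshark guide), the four range forms above implemented in Python and applied to a constructed 6-byte eth.src value that satisfies all four comparisons in the text; the helper names parse_range, wireshark_slice and matches are my own, and treating an out-of-range slice as an error is an assumption of this example, not something the text states.

```python
# Added example (not from the Wireshark guide): a small evaluator for the
# substring operator's range specifiers, with the semantics the text gives.

def parse_range(spec: str, length: int) -> tuple:
    """Turn one range specifier into a (start, stop) pair of offsets."""
    spec = spec.strip()
    if ":" in spec:
        start_s, end_s = spec.split(":", 1)
        start = int(start_s) if start_s else 0           # ":m" is the same as "0:m"
        stop = start + int(end_s) if end_s else length   # "n:m": m is a length; "n:" runs to the end
    elif "-" in spec:
        start_s, end_s = spec.split("-", 1)
        start, stop = int(start_s), int(end_s) + 1       # "n-m": m is the ending offset, inclusive
    else:
        raise ValueError(f"range form not covered here: {spec!r}")
    # Assumption of this example: a range that does not fit the sequence is an
    # error rather than silently comparing against a shorter value.
    if not 0 <= start <= stop <= length:
        raise ValueError(f"range {spec!r} does not fit a {length}-byte sequence")
    return start, stop


def wireshark_slice(data: bytes, subscript: str) -> bytes:
    """Apply a bracketed, comma separated list of ranges, e.g. "[0:2,4:]"."""
    out = bytearray()
    for spec in subscript.strip("[]").split(","):
        start, stop = parse_range(spec, len(data))
        out += data[start:stop]
    return bytes(out)


def matches(data: bytes, subscript: str, literal: str) -> bool:
    """Evaluate `field[subscript] == literal` for a colon separated byte literal."""
    return wireshark_slice(data, subscript) == bytes.fromhex(literal.replace(":", ""))


# Constructed sample value consistent with all four examples in the text.
ETH_SRC = bytes.fromhex("000083002020")   # 00:00:83:00:20:20

if __name__ == "__main__":
    for subscript, literal in [("[0:3]", "00:00:83"), ("[1-2]", "00:83"),
                               ("[:4]", "00:00:83:00"), ("[4:]", "20:20")]:
        print(f"eth.src{subscript} == {literal}: {matches(ETH_SRC, subscript, literal)}")
```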
Working with captured packets