Wireshark filtering rules
1. IP filtering: match packets whose source IP or destination IP equals a given address
For example: ip.src == 192.168.0.208 (or ip.src eq 192.168.0.208) // show packets with this source IP
ip.dst == 192.168.0.208 (or ip.dst eq 192.168.0.208) // show packets with this destination IP
2. Port filtering:
For example: tcp.port eq 80 // matches whether port 80 is the source or the destination port
tcp.port == 80
tcp.port eq 2722
tcp.port eq 80 or udp.port eq 80
tcp.dstport == 80 // show only packets whose TCP destination port is 80
tcp.srcport == 80 // show only packets whose TCP source port is 80
Filter a port range:
tcp.port >= 1 and tcp.port <= 80
3. Packet length filtering:
For example:
udp.length == 26 // the fixed length of the UDP header itself plus the data carried below UDP
tcp.len >= 7 // the length of the data carried below TCP, excluding the TCP header itself
ip.len == 94 // everything except the fixed 14-byte Ethernet header: from the start of the IP header to the end
frame.len == 119 // the length of the entire packet, from the start of the Ethernet header to the end
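
How the four length fields above relate to each other, as an added example that is not part of the original page: Python code that parses a constructed untagged Ethernet II / IPv4 frame and computes the values these filters compare against. The function names, the zeroed MAC addresses, ports 40000 and 53, and the peer address 192.168.0.1 are assumptions made for the illustration.

```python
import struct

def build_frame(proto: int, payload: bytes) -> bytes:
    """Constructed sample: Ethernet II + IPv4 + UDP (17) or TCP (6), checksums left 0."""
    if proto == 17:
        l4 = struct.pack("!HHHH", 40000, 53, 8 + len(payload), 0) + payload
    else:
        l4 = struct.pack("!HHIIBBHHH", 40000, 80, 0, 0, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     bytes([192, 168, 0, 208]), bytes([192, 168, 0, 1]))
    return bytes(12) + b"\x08\x00" + ip + l4  # zeroed MACs, EtherType IPv4

def wireshark_lengths(frame: bytes) -> dict:
    """Return the values the filters frame.len, ip.len, udp.length and tcp.len test."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        raise ValueError("expected IPv4 over untagged Ethernet II")
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                      # IP header length in bytes
    total = struct.unpack("!H", ip[2:4])[0]       # ip.len: IP header to end of IP data
    if ihl < 20 or total < ihl or total > len(ip):
        raise ValueError("inconsistent IPv4 length fields")
    out = {"frame.len": len(frame), "ip.len": total}
    l4 = ip[ihl:total]
    if ip[9] == 17 and len(l4) >= 8:
        out["udp.length"] = struct.unpack("!H", l4[4:6])[0]   # UDP header (8) + data
    elif ip[9] == 6 and len(l4) >= 20:
        out["tcp.len"] = total - ihl - (l4[12] >> 4) * 4       # data only, no TCP header
    return out

if __name__ == "__main__":
    print(wireshark_lengths(build_frame(17, b"x" * 18)))      # 18 bytes of UDP data
    print(wireshark_lengths(build_frame(6, b"GET / \n")))     # 7 bytes of TCP data
    print(wireshark_lengths(build_frame(6, b"") + bytes(6)))  # empty segment + padding
```

The last call appends six constructed padding bytes, so frame.len is 60 while ip.len stays 40: frame.len minus 14 equals ip.len only when the frame carries no padding or trailer.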