一、常用的wireshark搜索语法
(1)
http.request.uri contains "admin/activities" #搜索URL包含"admin/activities"的链接
(2)wireshark协议分析
http://blog.csdn.net/ahafg/article/details/51039584
二、过滤http中包含指定header头的内容
tcpdump -i bind0 and host 192.168.1.1 -w analyze.pcap #先用tcpdump捕获,然后再用wireshark打开
http contains "www.uuwatch.me" and http contains "pizza" and http contains "x-shard: " #搜寻域名为"www.uuwatch.me"且http的header头中包含"x-shard: "的http请求,效果如下图所示
Reference:https://osqa-ask.wireshark.org/questions/11809/how-to-filter-from-field-in-http-header
三、或和and过滤语法的使用
下图"ssl||http2"表示过滤ssl或http2的协议的包
下图中的"ip.addr == 118.25.101.120&&(ssl||http2)"表示过滤ip地址是118.25.101.120且协议为(ssl或http2)的包
四、选择任何你想过滤的包的字段,右键"Apply as Filter"->"Selected"(也可选择其它几种)即可,这里为"frame.number == 5246"的过滤语句.通过这种方式来实现自定义过滤.
五、http过滤语法官方文档
(1)https://www.wireshark.org/docs/dfref/h/http.html