zoukankan      html  css  js  c++  java

  • wireshark和tcpdump的过滤器用法


    ##########################################
    # Generate Filter tool:
    # https://www.wireshark.org/tools/string-cf.html
    #
    # GET Filter:
    # tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x47455420
    # POST Filter:
    # tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x504f5354 && tcp[((tcp[12:1] & 0xf0) >> 2) + 4:1] = 0x20
    # PUT Filter:
    # tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x50555420
    # DELETE Filter:
    # tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x44454c45 && tcp[((tcp[12:1] & 0xf0) >> 2) + 4:2] = 0x5445 && tcp[((tcp[12:1] & 0xf0) >> 2) + 6:1] = 0x20
    # HEAD Filter:
    # tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x48454144 && tcp[((tcp[12:1] & 0xf0) >> 2) + 4:1] = 0x20
    # HTTP RESPONSE Filter:
    # tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x48545450 && tcp[((tcp[12:1] & 0xf0) >> 2) + 4:2] = 0x2f31 && tcp[((tcp[12:1] & 0xf0) >> 2) + 6:1] = 0x2e

    tcpdump -Avvvnn "tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x47455420
    || (tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x504f5354 && tcp[((tcp[12:1] & 0xf0) >> 2) + 4:1] = 0x20)
    || (tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x50555420)
    || (tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x44454c45 && tcp[((tcp[12:1] & 0xf0) >> 2) + 4:2] = 0x5445 && tcp[((tcp[12:1] & 0xf0) >> 2) + 6:1] = 0x20)
    || (tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x48454144 && tcp[((tcp[12:1] & 0xf0) >> 2) + 4:1] = 0x20)
    || (tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x48545450 && tcp[((tcp[12:1] & 0xf0) >> 2) + 4:2] = 0x2f31 && tcp[((tcp[12:1] & 0xf0) >> 2) + 6:1] = 0x2e)"
  • 相关阅读:
    用迭代法求x=a−−√。求平方根的迭代公式为 xn+1 = 12(xn + axn) 要求前后两次求出的x的差的绝对值小于10−5
    C 数组
    fofa自动化爬虫脚本更新+详解
    c# winfrom接收http协议body数据
    FLW要求
    modbus工具问题
    2020年总结
    WIFI K型热电偶传感器
    泛海三江烟感JTY-GD-H361 V2.7
    工位终端
  • 原文地址:https://www.cnblogs.com/mrcoolfuyu/p/13972639.html
Copyright © 2011-2022 走看看