wireshark和tcpdump的过滤器用法 - 走看看

zoukankan html css js c++ java

wireshark和tcpdump的过滤器用法

##########################################
# Generate Filter tool:
# https://www.wireshark.org/tools/string-cf.html
#
# GET Filter:
# tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x47455420
# POST Filter:
# tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x504f5354 && tcp[((tcp[12:1] & 0xf0) >> 2) + 4:1] = 0x20
# PUT Filter:
# tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x50555420
# DELETE Filter:
# tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x44454c45 && tcp[((tcp[12:1] & 0xf0) >> 2) + 4:2] = 0x5445 && tcp[((tcp[12:1] & 0xf0) >> 2) + 6:1] = 0x20
# HEAD Filter:
# tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x48454144 && tcp[((tcp[12:1] & 0xf0) >> 2) + 4:1] = 0x20
# HTTP RESPONSE Filter:
# tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x48545450 && tcp[((tcp[12:1] & 0xf0) >> 2) + 4:2] = 0x2f31 && tcp[((tcp[12:1] & 0xf0) >> 2) + 6:1] = 0x2e

tcpdump -Avvvnn "tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x47455420
|| (tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x504f5354 && tcp[((tcp[12:1] & 0xf0) >> 2) + 4:1] = 0x20)
|| (tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x50555420)
|| (tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x44454c45 && tcp[((tcp[12:1] & 0xf0) >> 2) + 4:2] = 0x5445 && tcp[((tcp[12:1] & 0xf0) >> 2) + 6:1] = 0x20)
|| (tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x48454144 && tcp[((tcp[12:1] & 0xf0) >> 2) + 4:1] = 0x20)
|| (tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x48545450 && tcp[((tcp[12:1] & 0xf0) >> 2) + 4:2] = 0x2f31 && tcp[((tcp[12:1] & 0xf0) >> 2) + 6:1] = 0x2e)"

查看全文

相关阅读:
多态
 扩展方法
 git 新账户链接新仓库地址
 获取数据类型
 解构赋值
 var let const 无关键字定义变量
 http
onmouseover、onmouseout、onmouseenter、onmouseleave
setInterval、setTimeout、requestAnimationFrame
vue的prop父子组件传值

原文地址：https://www.cnblogs.com/mrcoolfuyu/p/13972639.html

热门文章
C#创建日志
 LINQ全语法
 Unity InputSystem
事件
 属性
 委托
 四元数
 协程
 列表和字典
 覆盖

Copyright © 2011-2022 走看看