Wireshark - 0.99.5 Podręcznik Użytkownika Strona 125
- Strona / 223
- Spis treści
- BOOKMARKI
Oceniono. / 5. Na podstawie oceny klientów
English C-like Description and example
ge
>=
Greater than or equal to
frame.pkt_len ge 0x100
le
<=
Less than or equal to
frame.pkt_len <= 0x20
In addition, all protocol fields are typed. Table 6.4, “Display Filter Field Types” provides a list of
the types and example of how to express them.
Table 6.4. Display Filter Field Types
Type Example
Unsigned integer (8-bit, 16-bit, 24-bit, 32-bit)
You can express integers in decimal, octal, or
hexadecimal. The following display filters are
equivalent:
ip.len le 1500
ip.len le 02734
ip.len le 0x436
Signed integer (8-bit, 16-bit, 24-bit, 32-bit)
Boolean
A boolean field is present in the protocol decode
only if its value is true. For example,
tcp.flags.syn is present, and thus true, only if the
SYN flag is present in a TCP segment header.
Thus the filter expression tcp.flags.syn will se-
lect only those packets for which this flag exists,
that is, TCP segments where the segment header
contains the SYN flag. Similarly, to find source-
routed token ring packets, use a filter expression
of tr.sr.
Ethernet address (6 bytes)
Separators can be a colon (:), dot (.) or dash (-)
and can have one or two bytes between separat-
ors:
eth.addr == ff:ff:ff:ff:ff:ff
eth.addr == ff-ff-ff-ff-ff-ff
eth.addr == ffff.ffff.ffff
IPv4 address ip.addr == 192.168.0.1
IPv6 address ipv6.addr == ::1
IPX address ipx.addr == 00000000.ffffffffffff
String (text) http.request.uri == "http://www.wireshark.org/"
6.4.3. Combining expressions
Working with captured packets
111
- Wireshark User's Guide 1
- Table of Contents 4
- 1. Foreword 8
- 3. Acknowledgements 10
- 4. About this document 11
- #usersguide 12
- Chapter 1. Introduction 15
- 1.1.6. Many protocol decoders 16
- 1.1.7. Open Source Software 16
- 1.1.8. What Wireshark is not 17
- 1.2. System Requirements 18
- 1.2.3. Unix / Linux 19
- 1.3. Where to get Wireshark? 20
- Wireshark 22
- 1.6.1. Website 23
- 1.6.2. Wiki 23
- 1.6.3. FAQ 23
- 1.6.4. Mailing Lists 23
- 1.6.5. Reporting Problems 24
- Introduction 26
- Download all required files! 28
- 2.8.1. Install Wireshark 35
- 2.8.1.4. Command line options 36
- 2.8.3. Update Wireshark 37
- 2.8.4. Update WinPcap 37
- 2.8.5. Uninstall Wireshark 37
- 2.8.6. Uninstall WinPcap 38
- Chapter 3. User Interface 40
- 3.2. Start Wireshark 41
- 3.3. The Main window 42
- 3.3.1. Main Window Navigation 43
- 3.4. The Menu 44
- Table 3.2. File menu items 45
- Table 3.3. Edit menu items 48
- Table 3.4. View menu items 50
- 3.8. The "Go" menu 54
- Table 3.6. Capture menu items 56
- Table 3.7. Analyze menu items 58
- Table 3.9. Help menu items 62
- 3.18. The Statusbar 71
- User Interface 72
- 4.1. Introduction 73
- 4.2. Prerequisites 74
- 4.3. Start Capturing 75
- Capturing Live Network Data 77
- 4.5.1. Capture frame 78
- 4.5.2. Capture File(s) frame 80
- 4.5.3. Stop Capture... frame 80
- 4.5.4. Display Options frame 81
- 4.5.5. Name Resolution frame 81
- 4.5.6. Buttons 81
- 4.7. Link-layer header type 84
- Printing 91
- 5.2. Open capture files 92
- 5.2.2. Input File Formats 94
- 5.3. Saving captured packets 96
- 5.3.2. Output File Formats 98
- 5.4. Merging capture files 100
- 5.5. File Sets 102
- 5.6. Exporting data 104
- File" dialog box 105
- 5.7. Printing packets 110
- 5.8. The Packet Range frame 112
- 5.9. The Packet Format frame 113
- Working with captured packets 116
- 6.2. Pop-up menus 117
- 6.4.1. Display filter fields 124
- 6.4.2. Comparing values 124
- 6.4.3. Combining expressions 125
- 6.4.4. A common mistake 127
- Warning! 130
- 6.7. Finding packets 132
- 6.8. Go to a specific packet 134
- 6.9. Marking packets 135
- Chapter 7. Advanced Topics 139
- 7.2. Following TCP streams 140
- 7.3. Time Stamps 142
- Advanced Topics 143
- 7.4. Time Zones 144
- 7.5. Packet Reassembling 147
- 7.6. Name Resolution 149
- 7.7. Checksums 151
- 7.7.2. Checksum offloading 152
- Chapter 8. Statistics 154
- Statistics 155
- 8.4. Endpoints 159
- 8.5. Conversations 161
- 8.7. Service Response Time 164
- 9.1. Introduction 168
- 9.3. Packet colorization 174
- 9.4.2. User Specified Decodes 179
- 9.5. Preferences 181
- 9.6. User Table 182
- 9.7. Display Filter Macros 183
- 9.9. User DLTs protocol table 185
- 9.10. SNMP users Table 186
- Customizing Wireshark 187
- Appendix A. Files and Folders 188
- • the current display filter 189
- Files and Folders 189
- Windows folders 191
- Unix/Linux folders 191
- A.3. Windows folders 194
- C.1. Packet List Messages 198
- C.2. Packet Details Messages 199
- Wireshark Messages 200
- D.1. Introduction 201
- Related command line tools 202
- CORBA IDL files 215
- D.9.4. TODO 216
- D.9.5. Limitations 217
- D.9.6. Notes 217
© 2020, manymanuals.pl. Wszelkie prawa zastrzeżone. | 0.205 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Komentarze do niniejszej Instrukcji