如何在wireshark中使用过滤器? [英] How to use filters in the wireshark?
问题描述
我尝试使用 Wireshark 捕获 http 流量,但无法实现过滤器.
例如,我需要按 URL 过滤流量.我在教程
所以我尝试遵循但有错误过滤器表达式中的语法错误或无效的捕获过滤器:
如何在 Wireshark 中正确使用过滤器?
Step – 1:选择正确的界面
您需要选择从中嗅探数据的接口.如果您使用无线路由器连接互联网,请选择 Wi-fi: en0 选项.
如果您对许多选项感到困惑,请移除不需要的连接设备以减少选项,同时打开任何 YouTube 视频,以便您可以在 Internet 链接界面上看到流量波动.请注意,接口旁边的直线表示该接口上没有活动流量.
(有关详细信息,请参阅以下视频:
(详细信息请参考视频:
然后按回车键,你的红色过滤器颜色变成绿色 &你可以在底部看到
数据包:(number1).显示 : (number2)
number1- 接口上捕获的数据包总数
number2 - www.wireshark.org
接口上的相关数据包数量第 4 步:保存数据包
仅保存相关流量(5 个数据包)并排除不需要的流量(397 个数据包).
- 点击文件
- 点击导出指定的数据包
- 选择文件名和路径
- 选择格式 pcapng
I try to capture http traffic with Wireshark and cant implement filters.
For example, I need filtered traffic by URL. I found solution in the tutorial https://www.wireshark.org/docs/man-pages/wireshark-filter.html
So I try to follows but have the error syntax error in the filter expression or invalid capture filter:
How to correctly use filters in the Wireshark?
Step – 1: Select correct interface
You need to choose the interface you're sniffing data from. If you are using wireless router to connect internet, then select the Wi-fi: en0 option.
If you are confused with many options, please remove unwanted connected devices to reduce the options, also open any YouTube video so that you can see the traffic fluctuation on your internet link interface. Note that straight line next to interface means no active traffic on that interface.
(Refer below video for detail information: https://www.youtube.com/watch?v=1wB3ku4TSLY)
Step-2 : Design correct filter
To apply correct filter, you should know the public IP address or port (or both). In your case, open cmd prompt (windows user) and Nslookup your URL to find the ip address
(Refer video for detail information : https://www.youtube.com/watch?v=5DzG2hKAZ9U)
Hence your filter is "ip.addr == 104.26.11.240"
Step-3 : Apply filter
Instead of "http contains "Google"" please Enter "ip.addr == 104.26.11.240" without double quotes.
And hit the enter key, your red filter Colour become green & you can see at the bottom
packets : (number1) . Displayed : (number2)
number1- total number of packets captured on interface
number2 - relevant number of packets on interface of www.wireshark.org
Step-4 : save packets
Save only relevant traffic (5 packets) and exclude the unwanted traffic (397 packets).
- Click on file
- Click on exports specified packets
- Select filename & path
- Select format pcapng
这篇关于如何在wireshark中使用过滤器?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
