Filtering Traffic in wireshark

--- title: Filtering Traffic in wireshark tags: --- # Filtering for IP Addresses, Source or Destination ![](https://i.imgur.com/mRJvy3v.png) ## IP :::info IP filter `ip.addr==192.168.56.01` ::: source &destinion 都包含192.168.56.01 ![](https://i.imgur.com/r8HNF7q.png) :::info 限定source IP `ip.src==192.168.56.01` ::: ![](https://i.imgur.com/wmIQR0h.png) :::info 限定destination IP `ip.dst==192.168.56.01` ::: ![](https://i.imgur.com/UZyS7gd.png) :::info 限定subnet `ip.addr==192.168.56.0/24` ::: ![](https://i.imgur.com/JgzRiOV.png) ![](https://i.imgur.com/wutTCAm.png) 勾選 Limit to display filter -> only shows conversations only matching the current display filter ![](https://i.imgur.com/sogoCCL.png) ## Filtering for Protocols and Port Numbers Analyze -> display filters 裡面有小抄可以參照 ![](https://i.imgur.com/w5oBaKa.png) ![](https://i.imgur.com/DauTwPO.png) HTTP TS 時使用Layer4： TCP + port 去看 before HTTP前的資料 `tcp.port==80` ![](https://i.imgur.com/lg2oFng.png) 單用HTTP 查詢看不到之前的資料 ![](https://i.imgur.com/1ed5jjI.png) ## Filtering for Conversations ![](https://i.imgur.com/8rPZjZj.png)