http and ip.src==192.168.1.100 # \u5148\u7528ipconfig|more\u547d\u4ee4\u67e5\u770b\u81ea\u5df1\u7684IP\u5730\u5740<\/p>\n
smtp || pop || imap #\u6587\u672cEmail\u6d41\u91cf<\/p>\n
ip.src == 192.168.1.100
\nip.dst == 192.168.1.100
\nip.addr == 192.168.1.100
\nip.addr == 192.168.1.100 or ip.addr == 192.168.1.101<\/p>\n
!tcp.port == 3389 #\u6392\u9664RDP\u6d41\u91cf\ntcp.flags.syn == 1 #\u5177\u6709SYN\u6807\u5fd7\u4f4d\u7684TCP\u6570\u636e\u5305\ntcp.flags.rst == 1 #\u5177\u6709RST\u6807\u5fd7\u4f4d\u7684TCP\u6570\u636e\u5305\n!arp #\u6392\u9664ARP\u6d41\u91cf\nhttp #\u6240\u6709HTTP\u6d41\u91cf\ntcp.port==23 || tcp.port==21 #Telnet\u6216FTP\u6d41\u91cf<\/pre>\n
\n<\/p>\n
udp.length == 26 #\u8fd9\u4e2a\u957f\u5ea6\u662f\u6307udp\u672c\u8eab\u56fa\u5b9a\u957f\u5ea68\u52a0\u4e0audp\u4e0b\u9762\u90a3\u5757\u6570\u636e\u5305\u4e4b\u548c\ntcp.len >= 7 #\u6307\u7684\u662fip\u6570\u636e\u5305(tcp\u4e0b\u9762\u90a3\u5757\u6570\u636e)\uff0c\u4e0d\u5305\u62ectcp\u672c\u8eab\nip.len == 94 #\u9664\u4e86\u4ee5\u592a\u7f51\u5934\u56fa\u5b9a\u957f\u5ea614\uff0c\u5176\u5b83\u90fd\u7b97\u662fip.len\uff0c\u5373\u4eceip\u672c\u8eab\u5230\u6700\u540e\nframe.len == 119 #\u6574\u4e2a\u6570\u636e\u5305\u957f\u5ea6\uff0c\u4eceeth\u5f00\u59cb\u5230\u6700\u540e<\/pre>\nhttp.request.method == \"GET\"\nhttp.request.uri == \"\/blog\/awk_sed.txt\"\nhttp.request.full_uri == \"http:\/\/ixyzero.com\/blog\/awk_sed.txt\"<\/pre>\nip.addr == 107.170.214.214 and tcp.len > 0<\/pre>\n\u641c\u7d22\u201c100 Wireshark Tips\u201d<\/p>\n
<\/p>\n
\u53c2\u8003\u94fe\u63a5\uff1a<\/h6>\n
\n
- wireshark \u8fc7\u6ee4\u6cd5\u5219<\/a><\/li>\n
- WireShark \u8fc7\u6ee4\u8bed\u6cd5<\/a><\/li>\n
- http:\/\/packetlife.net\/blog\/2010\/jun\/7\/understanding-tcp-sequence-acknowledgment-numbers\/<\/a><\/li>\n
- http:\/\/networkengineering.stackexchange.com\/questions\/7480\/tcp-length-and-tcp-data-wireshark-filters<\/a><\/li>\n
- https:\/\/ask.wireshark.org\/questions\/4178\/how-do-i-determine-a-tcp-segments-length<\/a><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"
http and ip.src==192.168.1.100 # \u5148\u7528ipconfig|more\u547d\u4ee4\u67e5\u770b\u81ea\u5df1\u7684 […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[12],"tags":[103],"class_list":["post-195","post","type-post","status-publish","format-standard","hentry","category-tools","tag-wireshark"],"views":3167,"_links":{"self":[{"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/posts\/195","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/comments?post=195"}],"version-history":[{"count":0,"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/posts\/195\/revisions"}],"wp:attachment":[{"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/media?parent=195"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/categories?post=195"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/tags?post=195"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}