The capture filter syntax is the same as the one used by programs using the Libpcap (Linux) or Winpcap (Windows) library like the famous TCPdump. The capture filter must be set before launching the Wireshark capture, which is not the case for the display filters that can be modified at any time during the capture.

The steps to configure a capture filter are the following:

– Fill the “capture filter” field or click on the “capture filter” button to give a name to your filter to reuse it for subsequent captures.

Syntax: Protocol Direction Host(s) Value Logical Operations Other expression

Example: tcp dst 10.1.1.1 80 and tcp dst 10.2.2.2 3128

Protocol values: ether, fddi, ip, arp, rarp, decnet, lat, sca, moprc, mopdl, tcp and udp. If no protocol is specified, all the protocols are used.

Direction values: src, dst, src and dst, src or dst. If no source or destination is specified, the “src or dst” keywords are applied. For example, “host 10.2.2.2” is equivalent to “src or dst host 10.2.2.2”.

If no host(s) is specified, the “host” keyword is used. For example, “src 10.1.1.1” is equivalent to “src host 10.1.1.1”.

Alternation (“or”) and concatenation (“and”) have equal precedence and associate left to right. “not tcp port 3128 and tcp port 23” is equivalent to “(not tcp port 3128) and tcp port 23”.
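The grouping and default-keyword rules above can be checked mechanically before a filter is trusted to capture (or exclude) the intended traffic. The following is an added example, not code from the original page or from Wireshark: a small parser that writes out the implicit parentheses and the implicit “src or dst” and “host” keywords. The function names group and expand are hypothetical, the type keywords net and portrange come from the pcap-filter manual rather than from this page, and expand assumes a primitive that ends in a value.

```python
import re

# Directions are the page's list; type qualifiers are from pcap-filter(7).
DIRS = {"src", "dst", "src and dst", "src or dst"}
TYPES = {"host", "net", "port", "portrange"}
OPS = {"and", "or", "not", "(", ")"}
# "src or dst" / "src and dst" stay one token so their and/or is not an operator.
TOKEN = re.compile(r"src (?:and|or) dst\b|[()]|[^\s()]+")

def parse(tokens):
    node = unary(tokens)
    while tokens and tokens[0] in ("and", "or"):  # equal precedence, left to right
        node = (tokens.pop(0), node, unary(tokens))
    return node

def unary(tokens):
    tok = tokens.pop(0) if tokens else ""
    if tok == "not":  # negation binds to the single term that follows it
        return ("not", unary(tokens))
    if tok == "(":
        node = parse(tokens)
        if not tokens or tokens.pop(0) != ")":
            raise ValueError("missing ')'")
        return node
    if tok in OPS or not tok:
        raise ValueError("expected a primitive")
    while tokens and tokens[0] not in OPS:  # gather the words of one primitive
        tok += " " + tokens.pop(0)
    return tok

def render(node, top=True):
    if isinstance(node, str):
        return node
    parts = [render(child, False) for child in node[1:]]
    text = "not " + parts[0] if node[0] == "not" else f" {node[0]} ".join(parts)
    return text if top else f"({text})"

def group(expr):  # write out the implicit grouping as parentheses
    tokens = TOKEN.findall(expr)
    tree = parse(tokens)
    if tokens:
        raise ValueError("unexpected " + tokens[0])
    return render(tree)

def expand(primitive):  # write out the implicit direction and "host" keyword
    *quals, value = TOKEN.findall(primitive)
    direction = [w for w in quals if w in DIRS] or ["src or dst"]
    kind = [w for w in quals if w in TYPES] or ["host"]
    return " ".join([w for w in quals if w not in DIRS | TYPES] + direction + kind + [value])
```

Because “or” does not bind more loosely than “and”, group("tcp port 80 or tcp port 443 and host 10.1.1.1") shows the host restriction applying to both ports, which is the case most often misread when a filter is meant to scope a capture.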