Comparison operatorsįields can also be compared against values. Think of a protocol or field in a filter as implicitly having the "exists" operator. To see all packets that contain a Token-Ring RIF field, use "tr.rif". If you want to see all packets which contain the IP protocol, the filter would be "ip" (without the quotation marks). The simplest filter allows you to check for the existence of a protocol or field. FILTER SYNTAX Check whether a field or protocol exists A comprehensive reference of filter fields can be found within Wireshark and in the display filter reference at. Display filters let you compare the fields within a protocol against a specific value, compare fields against fields, and check the existence of specified fields or protocols.įilters are also used by other features such as statistics generation and packet list colorization (the latter is only available to Wireshark). If a packet meets the requirements expressed in your filter, then it is displayed in the list of packets. Wireshark and TShark share a powerful filter engine that helps remove the noise from a packet trace and lets you see only the packets that interest you. Wireshark-filter - Wireshark filter syntax and reference SYNOPSIS Wireshark-filter - The Wireshark Network Analyzer 2.6.6 NAME
0 kommentar(er)
