The matches, or ~, operator makes it possible to search for text in string fields and byte sequences using a regular expression, using Perl regular expression syntax. Match packets where SIP To-header contains the string "a1762" anywhere in the header: Match packets that contains the 3-byte sequence 0x81, 0圆0, 0x03 anywhere in the UDP header or payload: It is also possible to search for characters appearing anywhere in a field or protocol by using the contains operator. Thus you may restrict the display to only packets from a specific device manufacturer. The "slice" feature is also useful to filter on the vendor identifier part (OUI) of the MAC address, see the Ethernet page for details. (Useful for matching homegrown packet protocols.) Note that the values for the byte sequence implicitly are in hexadecimal only. Match packets containing the (arbitrary) 3-byte sequence 0x81, 0圆0, 0x03 at the beginning of the UDP payload, skipping the 8-byte UDP header. tcp.window_size = 0 & != 1įilter on Windows - Filter out noise, while watching Windows Client - DC exchanges.TCP buffer full - Source is instructing Destination to stop sending data Show only traffic in the LAN (.x), between workstations and servers - no Internet: Show only SMTP (port 25) and ICMP traffic: See also CaptureFilters#Capture_filter_is_not_a_display_filter. Capture filters (like tcp port 80) are not to be confused with display filters (like tcp.port = 80).
0 kommentar(er)
