
How To Filter And Inspect Packets In Wireshark?

source link: https://blog.knoldus.com/how-to-filter-and-inspect-packets-in-wireshark/


In this blog we will see how to apply filters and inspect packets. There are two ways to apply a filter in Wireshark:

  • In the Display Filter window, at the top of the screen
  • By highlighting a packet and right-clicking on the packet

Wireshark filters use the following key phrases:

  • ip.addr – specifies an IPv4 address
  • ipv6.addr – specifies an IPv6 address
  • src – source: where the packet came from
  • dst – destination: where the packet is going

We can also use the following operators:

  • && means “and”, as in “choose the IP addresses 192.168.2.1 and 192.168.2.2”
  • == means “equal”, as in “choose only IP address 192.168.2.1”
  • ! means “not”, as in “do not show a particular IP address or source port”

A valid filter turns the filter box green. If there is a mistake in the expression, the box turns vivid pink.

Let’s start with an example of how to inspect packets using filters. Suppose we want to see only the packets that have the IP address 18.224.161.65 somewhere inside them (as source or destination). We type the following expression into the filter window:

ip.addr==18.224.161.65


Alternatively, we can highlight the IP address in a packet and create a filter from it. Select the address, right-click, and choose the Apply as Filter option. A menu of additional options appears; one of them is “Selected”. If we choose “Selected”, Wireshark creates a filter that shows only packets containing that IP address.

We can also filter out a specific IP address with the following filter:

!ip.addr==18.224.161.65

We are not limited to IPv4 addresses either. If a system on our network is active and using an IPv6 address, we can open another Wireshark window and apply the rule below:

ipv6.dst == 2607:f8b0:400a:15::b

Some additional filters are:

  • tcp.port==8080 – filters packets to show a port of your own choosing; in this case, port 8080
  • !(ip.src == 162.248.16.53) – shows all packets except those originating from 162.248.16.53
  • !(ipv6.dst == 2607:f8b0:400a:15::b) – shows all packets except those going to the IPv6 address 2607:f8b0:400a:15::b
  • ip.addr == 192.168.4.1 && ip.addr == 192.168.4.2 – shows the packets that involve both 192.168.4.1 and 192.168.4.2, i.e. the traffic between them
  • http.request – shows only HTTP requests; useful when troubleshooting or visualizing web traffic

Wireshark is a powerful application. For more information, you can read here.
