Wireshark

  1. ip.addr == x.x.x.x [sets a filter for any packet with x.x.x.x as either the source or dest]

  2. ip.addr==x.x.x.x && ip.addr==x.x.x.x [sets a conversation filter between the two defined IP addresses]

  3. tcp.port==xxxx [sets a filter for any TCP packet with xxxx as a source or dest port]

  4. http or dns [sets a filter to display all HTTP and DNS traffic. It lets you narrow down to the exact protocol you need. So, if you need to track down odd FTP traffic, you just have to set it to ‘ftp’. Want to find out why some websites don’t appear? You just have to set it to ‘dns’.]

  5. http.request [filters all HTTP GET and POST requests. It can show the most accessed web pages.]

  6. !(arp or icmp or dns) [designed to filter out certain types of protocols, it masks out arp, icmp, dns, or other protocols you think are not useful. This allows you to focus on the traffic that interests you.]

  7. tcp.port == port no., udp.port == port no.

  8. http.host == "exact.name.here" [Wireshark filter for a website URL]
