Wireshark commands

Some Wireshark filter fields match against multiple protocol fields. For example, "ip.addr" matches against both the IP source and destination addresses in the IP header. The same is true for "tcp.port", "udp.port", "eth.addr", and others. It's important to note that ip.addr == 10.43.54.65 is equivalent to ip.src == 10.43.54.65 or ip.dst == 10.43.54.65. This can be counterintuitive in some cases.
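The "any of the underlying fields" behaviour described above can be modelled in a few lines of Python. This is an added example, not code from the original post or from Wireshark; the packets are constructed sample data, the helper names are hypothetical, and the inequality case goes one step beyond the equivalence stated in the text.

```python
# Added illustration: a small model of Wireshark's multi-field filter names.
# PACKETS is constructed sample data, not a real capture.
ALIASES = {
    "ip.addr": ("ip.src", "ip.dst"),
    "tcp.port": ("tcp.srcport", "tcp.dstport"),
    "udp.port": ("udp.srcport", "udp.dstport"),
    "eth.addr": ("eth.src", "eth.dst"),
}

PACKETS = [
    {"no": 1, "ip.src": "10.43.54.65", "ip.dst": "192.0.2.10"},
    {"no": 2, "ip.src": "192.0.2.10", "ip.dst": "10.43.54.65"},
    {"no": 3, "ip.src": "192.0.2.10", "ip.dst": "198.51.100.7"},
    # Packet 4 has no IP layer at all (for example an ARP frame).
    {"no": 4, "eth.src": "00:00:5e:00:53:01", "eth.dst": "ff:ff:ff:ff:ff:ff"},
]

def values(pkt, field):
    """Return every value a filter field name refers to in this packet."""
    names = ALIASES.get(field, (field,))
    return [pkt[n] for n in names if n in pkt]

def any_eq(pkt, field, want):
    """True if at least one underlying field equals the wanted value."""
    return any(v == want for v in values(pkt, field))

def any_ne(pkt, field, want):
    """True if at least one underlying field differs from the wanted value."""
    return any(v != want for v in values(pkt, field))

def select(pred):
    """Packet numbers for which the predicate holds."""
    return [p["no"] for p in PACKETS if pred(p)]

HOST = "10.43.54.65"
# ip.addr == HOST  versus  ip.src == HOST or ip.dst == HOST
by_addr = select(lambda p: any_eq(p, "ip.addr", HOST))
by_src_or_dst = select(
    lambda p: any_eq(p, "ip.src", HOST) or any_eq(p, "ip.dst", HOST))
# "Some address differs from HOST" still selects packets that involve HOST.
any_differs = select(lambda p: any_ne(p, "ip.addr", HOST))
# Negating the equality test, !(ip.addr == HOST), excludes the host.
negated = select(lambda p: not any_eq(p, "ip.addr", HOST))

if __name__ == "__main__":
    print(by_addr, by_src_or_dst, any_differs, negated)
```

Note that the negated form also keeps packet 4, which has no IP addresses at all, so excluding a host this way leaves non-IP traffic in view.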
