tcp and tcp.port == 80
http or ftp
not ftp

In the first, we match all TCP traffic running on port 80. In the second, we match both HTTP and FTP traffic, while in the third we match everything that is not FTP.

We should focus for a moment on the second example. We want to see HTTP and FTP, yet we use the “or” operator: why? Because Wireshark applies the filter to every single packet independently. In fact, a packet can be HTTP or FTP, but not HTTP and FTP at the same time.

Wireshark, like any other software, executes the operations in order, from left to right. However, we might want to combine operations in a specific order: for that we need parentheses.
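The per-packet evaluation described above, as an added example that is not part of the original post. It is a toy model, not Wireshark's own parser: the packet list is constructed, the names `matches` and `apply_filter` are hypothetical, and operators are applied left to right as the text describes.

```python
import re

# Constructed sample capture: each packet lists the protocol layers it carries.
PACKETS = [
    {"no": 1, "layers": {"tcp", "http"}, "tcp.port": {51000, 80}},
    {"no": 2, "layers": {"tcp", "ftp"}, "tcp.port": {51001, 21}},
    {"no": 3, "layers": {"udp", "dns"}, "tcp.port": set()},
    {"no": 4, "layers": {"tcp"}, "tcp.port": {51002, 80}},
]

TOKEN = re.compile(r"\(|\)|==|[\w.]+")

def matches(expr, pkt):
    """Evaluate a simplified filter against ONE packet (toy model)."""
    tokens = TOKEN.findall(expr)
    pos = 0

    def primary():
        nonlocal pos
        tok = tokens[pos]
        pos += 1
        if tok == "not":                      # "not" negates the next term
            return not primary()
        if tok == "(":                        # parentheses group a sub-expression
            val = expression()
            pos += 1                          # skip the closing ")"
            return val
        if pos < len(tokens) and tokens[pos] == "==":
            value = int(tokens[pos + 1])      # field comparison, e.g. tcp.port == 80
            pos += 2
            return value in pkt.get(tok, set())
        return tok in pkt["layers"]           # bare protocol name, e.g. http

    def expression():
        nonlocal pos
        val = primary()
        while pos < len(tokens) and tokens[pos] in ("and", "or"):
            op = tokens[pos]
            pos += 1
            rhs = primary()                   # always parse the right-hand side
            val = (val and rhs) if op == "and" else (val or rhs)
        return val

    return expression()

def apply_filter(expr):
    # The filter is tested against each packet on its own; matching numbers are kept.
    return [p["no"] for p in PACKETS if matches(expr, p)]
```

With this capture, `http and ftp` selects nothing because no single packet carries both protocols, and `not http or ftp` selects a different set than `not (http or ftp)`.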