图片内容是一份 Wireshark Cheat Sheet,主要用于帮助用户快速参考 Wireshark 的常用过滤命令和工具栏选项。
1. 过滤命令大全
这一部分列出了 Wireshark 中常用的过滤命令,按用途分类:
| 用途 | 过滤语法 |
|---|---|
| 按 IP 过滤 | ip.addr == 10.10.50.1 |
| 按目标 IP 过滤 | ip.dst == 10.10.50.1 |
| 按源 IP 过滤 | ip.src == 10.10.50.1 |
| 按 IP 范围过滤 | ip.addr >= 10.10.50.1 and ip.addr <= 10.10.50.100 |
| 按多个 IP 过滤 | ip.addr == 10.10.50.1 or ip.addr == 10.10.50.100 |
| 排除 IP 地址 | !(ip.addr == 10.10.50.1) |
| 按子网过滤 | ip.addr == 10.10.50.1/24 |
| 按端口过滤 | tcp.port == 25 |
| 按目标端口过滤 | tcp.dstport == 25 |
| 按 IP 和端口过滤 | ip.addr == 10.10.50.1 and tcp.port == 25 |
| 按 URL 过滤 | http.host == "host name" |
| 按时间戳过滤 | frame.time >= "June 02, 2019 11:04:00" |
| 过滤 SYN 标志 | Tcp.flags.syn == 1 |
| 过滤 Beacon 包 | wlan.fc.type_subtype == 0x08 |
| 广播过滤 | eth.dst == ff:ff:ff:ff:ff:ff |
| 多播过滤 | eth.dst == 01:00:5e:00:00:00 |
| 按 MAC 地址过滤 | eth.addr == 00:70:f4:23:18:c4 |
| 过滤 RST 标志 | tcp.flags.reset == 1 |
2. 工具栏常用功能选项
这一部分列出了 Wireshark 工具栏中的常用选项以及它们的功能说明:
| 工具栏图标 | 工具栏项目 | 菜单项目 | 功能描述 |
|---|---|---|---|
| 开始 | Capture → Start | Uses the same packet capturing options as the previous session or starts a new capture | |
| 停止 | Stop | Stops currently active capture | |
| 重新开始 | Capture → Restart | Restart active capture session | |
| 选项 | Capture → Options | Opens “Capture Options” dialog box | |
| 打开 | File → Open… | Opens “File open” dialog box to load a capture file for viewing | |
| 另存为 | File → Save As… | Save current capture file | |
| 关闭 | File → Close | Close current capture file | |
| 重新加载 | File → Reload | Reload current capture file | |
| 查找包 | Edit → Find Packet | Find packet based on different criteria | |
| 回退 | Go → Go back | Jump back in the packet history | |
| 前进 | Go → Go forward | Jump forward in the packet history | |
| 转到包 | Go → Go to Packet | Go to specific packet | |
| 转到第一个包 | Go → Go to First Packet | Jump to first packet of the capture file | |
| 转到最后一个包 | Go → Go to Last Packet | Jump to last packet of the capture file | |
| 自动滚动 | View → Auto Scroll in Live Capture | Auto scroll packet list during live capture | |
| 着色 | View → Colorize | Colorize the packet list (or not) | |
| 放大 | View → Zoom In | Zoom into the packet data (increase the font size) | |
| 缩小 | View → Zoom Out | Zoom out of the packet data (decrease the font size) | |
| 正常大小 | View → Normal Size | Set zoom level back to 100% | |
| 调整列大小 | View → Resize Columns | Resize columns so the content fits the width |
总结
这份 Cheat Sheet 提供了 Wireshark 中两类主要信息:
- 过滤命令:方便用户快速找到特定的网络包,包含按 IP、端口、时间戳、标志位等的过滤方式。
- 工具栏命令:列出捕获、保存、重新加载、查看包等常用功能的快捷方式及说明。