When using with = (equal), this bug is missing.
For example, as here in an attempt to filter not one port, but the range of ports:īut actually the filter value (in this case, tcp.port) is overwritten by the last value, so as a result, instead of the expected behavior, we get the result of only the last part, in this case it is
Consider them:Īs you can see, there are two versions, for example, if we want to indicate that the filter value is equal to something, then we can use = or eq.įilters using logical operands can be used to build rather complex structures, but apparently, usage of the same filter with comparison operators is buggy. For example, to show TCP packets containing the string hackware you need the following filter: If an inaccurate entry is sought (better suited for non-numeric values) then contains is used. Remember that in any case you can substitute your data, for example, change the port number to any one of your interest, and also do the same with the IP address, MAC address, time value, etc.įilters can have different values, for example, it can be a string, a hexadecimal format or a number. Some filters are written here in a general form, and some are made as literal examples. To fully understand the importance of filters and their meanings, it is necessary to understand how the network works. Here I consider the display filters that are entered in the main window of the program in the top field below the menu and icons of the main functions. Remember that Wireshark has display filters and capture filters.
0 kommentar(er)
