Display-filter TCP traffic by IP and ports
The following rule will filter the traffic so that only traffic to/from TCP port 4444 or traffic to/from IPv4 address 172.17.84 will be displayed:
tcp.srcport == 4444 or tcp.dstport == 4444 or ip.src == 172.17.1.84 or ip.dst==172.17.1.84
How to display-filter TCP traffic by TCP flags?
tcp.flags.reset == 0x02
tcp.flags.syn == 0x02
tcp.flags.ack == 0x02
How to change the timestamp display format?
Navigate to View/Time Display Format and choose a timestamp display format you can understand.
What is Unix epoch time?
The Unix epoch (or Unix time or POSIX time or Unix timestamp) is the number of seconds that have elapsed since January 1, 1970 (midnight UTC/GMT), not counting leap seconds (in ISO 8601: 1970-01-01T00:00:00Z).
How to specify capture filters and options to capture data?
2. Double-click the interface(s) on which you want to capture data
3. Specify your capture filter in the "Edit Interface Settings" dialog box, then close it.
4. Specify your capture options in the "Wireshark: Capture Options" dialog box, such as which interface to capture data, whether in promiscuous mode, store captured data in single or multiple files, the location of the log file, when to stop, etc.
5. Click "start" in the "Wireshark: Capture Options" dialog box
Capture filter syntax
Wireshark capture filter syntax is different from its display filter syntax. Below is an example capture filter:
tcp port 6600 or tcp port 104
For more, refer to: http://www.wireshark.org/docs/wsug_html_chunked/ChCapCaptureFilterSection.html
- Wireshark Command Line Tools by alon_stack on 2014-07-29
- Wireshark DICOM Filters by lucas88 on 2013-09-11
- Wireshark Capture Filters by tmayes123 on 2013-09-11
- Wireshark Documentation by lucas88 on 2013-09-11
- How to Extract and Analyze Wireshark-Captured Data? by alon_stack on 2013-04-14
- Wireshark Monitoring Keeps Crashing by alon_stack on 2013-04-14
- Some Common Wireshark Display Filters by alon_stack on 2013-04-14
- Wireshark Promiscuous Mode by alon_stack on 2013-04-14