Display Filters
Wireshark uses display filters for general packet filtering while viewing and for its coloring rules.
Show only SMTP (port 25) and ICMP traffic:
tcp.port eq 25 or icmp
Show only traffic within the LAN 192.168.x.x, between workstations and servers, with no Internet traffic:
ip.src==192.168.0.0/16 and ip.dst==192.168.0.0/16
TCP buffer full: the source is instructing the destination to stop sending data:
tcp.window_size == 0 && tcp.flags.reset != 1
Sasser worm: what Sasser really did:
ls_ads.opnum==0x09
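
What the LAN-only and zero-window filters above evaluate at the byte level, as an added Python example that is not part of the original post. The function names, sample addresses and packets are constructed for illustration; the code compares the raw TCP window field, which is zero whenever the tcp.window_size that Wireshark displays is zero.

```python
import ipaddress
import struct

LAN = ipaddress.ip_network("192.168.0.0/16")   # network from the LAN-only filter
RST = 0x04                                     # TCP RST flag bit

def parse_ipv4_tcp(pkt: bytes) -> dict:
    """Extract the fields the two filters test from a raw IPv4+TCP packet."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 6:
        raise ValueError("not an IPv4/TCP packet")
    ihl = (pkt[0] & 0x0F) * 4                  # IPv4 header length in bytes
    if ihl < 20 or len(pkt) < ihl + 16:
        raise ValueError("truncated packet")
    _sp, _dp, _seq, _ack, off_flags, window = struct.unpack(
        "!HHIIHH", pkt[ihl:ihl + 16])
    return {
        "src": ipaddress.ip_address(pkt[12:16]),
        "dst": ipaddress.ip_address(pkt[16:20]),
        "flags": off_flags & 0x01FF,           # low 9 bits hold the TCP flags
        "window": window,
    }

def is_lan_only(f: dict) -> bool:
    # ip.src==192.168.0.0/16 and ip.dst==192.168.0.0/16
    return f["src"] in LAN and f["dst"] in LAN

def is_zero_window(f: dict) -> bool:
    # tcp.window_size == 0 && tcp.flags.reset != 1
    # RST segments often carry window 0 too, so they are excluded as noise.
    return f["window"] == 0 and not f["flags"] & RST

def classify(pkt: bytes) -> tuple:
    """Return (matches LAN-only filter, matches zero-window filter)."""
    f = parse_ipv4_tcp(pkt)
    return is_lan_only(f), is_zero_window(f)

def build(src: str, dst: str, flags: int, window: int) -> bytes:
    """Constructed sample packet: 20-byte IPv4 + 20-byte TCP, checksums left 0."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     ipaddress.ip_address(src).packed,
                     ipaddress.ip_address(dst).packed)
    tcp = struct.pack("!HHIIHHHH", 40000, 445, 1, 1,
                      (5 << 12) | flags, window, 0, 0)
    return ip + tcp

if __name__ == "__main__":
    # Constructed samples: ACK with window 0, RST with window 0, ACK leaving the LAN
    for args in [("192.168.1.10", "192.168.1.20", 0x10, 0),
                 ("192.168.1.10", "192.168.1.20", 0x04, 0),
                 ("192.168.1.10", "203.0.113.5", 0x10, 8192)]:
        print(args, classify(build(*args)))
```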