SHIFT

--- Sjoerd Hooft's InFormation Technology ---

wiresharknotes
Differences

This shows you the differences between two versions of the page.

wiresharknotes [2013/05/14 20:27] (current)
sjoerd created
Line 1: Line 1:
 += Notes, Tips & Tricks: WireShark
  
 +This is a notes page, extended with tips & tricks. This page is not really documentation,​ just stuff for me to remember. Sometimes things will get removed from these pages and turned into real documentation,​ sometimes not. You might find these notes to come in hand, maybe not. For me, it's just things I don't want to forget.
 +
 +== Trace in Linux ==
 +<​code>​
 +tcpdump -w /​tmp/​tracefile
 +</​code>​
 +You can end the trace using <​ctrl>​ + c, after which you can open the file using wireshark.
 +
 +== Display Filters ==
 +* Only IP-address 10.10.10.10
 +** ip.addr == 10.10.10.10
 +* Everything except IP-address 10.10.10.10
 +** !(ip.addr == 10.10.10.10) ​
 +* Everything except DNS and NTP
 +** !(udp.port == 53) and !(udp.port == 123)
 +
 +{{tag>​notes network tools}}
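Review bot: the "Everything except DNS and NTP" filter under Display Filters matches only on udp.port, so DNS carried over TCP port 53 (zone transfers, retries after a truncated reply) still shows up in the view. Filtering on the dissected protocols, `!(dns) and !(ntp)`, or adding `tcp.port == 53` to the exclusion covers both transports. In the Trace in Linux section, `tcpdump -w /tmp/tracefile` names no interface, so it may be worth noting `-i <interface>` for multi-homed hosts, and a capture in /tmp can hold credentials and other sensitive payloads, so a path readable only by the capturing user is a safer default. In the intro paragraph, "come in hand" should read "come in handy".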
wiresharknotes.txt · Last modified: 2013/05/14 20:27 by sjoerd