SHIFT

--- Sjoerd Hooft's InFormation Technology ---

User Tools

Site Tools


Sidebar

Recently Changed Pages:

View All Pages


View All Tags


LinkedIn




WIKI Disclaimer: As with most other things on the Internet, the content on this wiki is not supported. It was contributed by me and is published “as is”. It has worked for me, and might work for you.
Also note that any view or statement expressed anywhere on this site are strictly mine and not the opinions or views of my employer.


Pages with comments

View All Comments

wiresharknotes

Notes, Tips & Tricks: WireShark

This is a notes page, extended with tips & tricks. This page is not really documentation, just stuff for me to remember. Sometimes things will get removed from these pages and turned into real documentation, sometimes not. You might find these notes to come in hand, maybe not. For me, it's just things I don't want to forget.

Trace in Linux

tcpdump -w /tmp/tracefile

You can end the trace using <ctrl> + c, after which you can open the file using wireshark.

Display Filters

  • Only IP-address 10.10.10.10
    • ip.addr == 10.10.10.10
  • Everything except IP-address 10.10.10.10
    • !(ip.addr == 10.10.10.10)
  • Everything except DNS and NTP
    • !(udp.port == 53) and !(udp.port == 123)
You could leave a comment if you were logged in.
wiresharknotes.txt · Last modified: 2021/09/23 22:25 (external edit)