 | 1 | initial version |
Wireshark man pages: https://www.wireshark.org/docs/man-pages/
Capture filtering is handled by libpcap, and its documentation is part of the libpcap distribution.
pcap-filter - Capture filter syntax
To select all IPv4 HTTP packets to and from port 80, i.e. print only packets that contain data, not, for example, SYN and FIN packets and ACK-only packets. (IPv6 is left as an exercise for the reader.) tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)
Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
