Ask Your Question
0

HTTP && TCP filter

asked 2020-10-10 14:21:10 +0000

niralan gravatar image

updated 2020-10-10 14:21:38 +0000

Why using this filter returns packets with HTTP and OCSP protocol? I thought the AND operator returns anything only when both conditions are true?

edit retag flag offensive close merge delete
add a comment

1 Answer

Sort by ยป oldest newest most voted
0

answered 2020-10-10 16:09:34 +0000

Chuckc gravatar image

There is a sample capture attached to this issue (#15674)

If you look at View-> Protocol Hierarchy it shows Online Certificate Status Protocol under Hypertext Transfer Protocol

Or select one of the OCSP packets, expand Frame and look at 

[Protocols in frame [truncated]: eth:ethertype:ipv6:tcp:http:ocsp:ocsp:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509sat:x509ce:x509ce:ocsp:pkix1implicit]

tcp:http:ocsp:
edit flag offensive delete link more

Comments

This was only implied, but for clarification Wireshark display filters are used to include or exclude each packet depending on whether it has the fields or field values specified in the filter, thus a filter of HTTP will include all packets containing protocols that an on top of http as all such packets contain the "field".

grahamb gravatar imagegrahamb ( 2020-10-11 08:56:38 +0000 )edit
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

subscribe to rss feed

Stats

Asked: 2020-10-10 14:21:10 +0000

Seen: 1,221 times

Last updated: Oct 10 '20

Related questions

vlan capture filter ineffective

how make ip filter in tshark????

Capture Filter - Exclude URL Containing Certain String

tshark capture and filter HTTP in WPA2 secured network

Capture filter for vlan tagged packets and non vlan tagged packets of specific ethertype

With a capture filter on a remote interface, where does the filtering occur? Also, how are the packets transmitted?

I need to setup a mac address filter to capture traffic from different devices.

dumpcap problem with multiple interfaces and filter

Unable to display IEEE1722-1 packet in Wireshark 3.0.3

I want to capture concurrently and save it as multiple files where each file has its own distinct capture filter?