Ask Your Question
0

Why ip == anything is a valid filter? and what does it mean

asked 2021-02-19 14:49:20 +0000

Dragos gravatar image

Why filters like ip == anything, ipv6 == anything, tcp == anything, http == anything, etc, any_protocol == anything are valid? What do they represent, is there any use case for these filters.

edit retag flag offensive close merge delete
add a comment

1 Answer

Sort by ยป oldest newest most voted
1

answered 2021-02-19 17:39:24 +0000

cmaynard gravatar image

You can use such filters to match the packet bytes, if you wish. For example:

tcp == e1:90:1f:90:c0:99:3f:0f:5b:f7:83:25:50:10:04:02:e1:eb:00:00

How useful is that? I don't know. Wireshark merely provides you with the ability to filter just about anything you want, but it's up to the user to decide what's useful or not. Other filters besides equality might be more useful though, for example:

dns contains "wireshark"
edit flag offensive delete link more
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2021-02-19 14:49:20 +0000

Seen: 227 times

Last updated: Feb 19 '21

Related questions

aix iptrace capture filters

Can't capture TLS certificate

Can I create a capture filter on a pcap file

Resolve frame subtype and export to csv

Difference between !(ip.addr == 192.0.2.1) and (ip.addr != 192.0.2.1)

Can I filter out ack responses to packets otherwise filetered out?

Frame type display filter returning empty

Wireshark throughput comparison

How can be create a filter for a particular label ?

How To Apply Filters?

Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
about | faq | help | privacy policy | terms of service
Powered by Askbot version 0.10.2