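I'm very sorry, my English is not very good, so I can only write in Chinese. While using Wireshark I ran into a problem: I want to set a filter before capturing so that only HTTP packets are captured. When I configure the network interface and enter HTTP as the filter condition, the field turns red, which means the setting is not valid, but entering TCP and the like works fine. I would like to ask what the reason for this is.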
asked 17 Dec '12, 17:59 jun; closed 20 Dec '12, 23:24 Kurt Knochner ♦
The question has been closed for the following reason "Duplicate Question of http://ask.wireshark.org/questions/17118/issue-about-crawl-http" by Kurt Knochner 20 Dec '12, 23:24
2 Answers:
You cannot use http as a capture filter, as that is not a valid libpcap filter syntax, whereas tcp is a valid filter.

See here: http://www.manpagez.com/man/7/pcap-filter/

Please use this filter instead: `tcp port 80`

Regards
Kurt

answered 18 Dec '12, 12:15 Kurt Knochner ♦

If I use the tcp port 80 filter syntax, it can only capture HTTP traffic that goes through port 80. If some HTTP traffic does not go through port 80, how do I capture that? (18 Dec '12, 17:16) jun
For this you need an advanced filter. To capture HTTP GET or HEAD (80 can be changed to any port):

    tshark 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' -R 'http.request.method == "GET" || http.request.method == "HEAD"'

PS: OP, how come you ended up asking here?

answered 18 Dec '12, 21:35 Missuniverse110

Does that advanced filter need to be installed separately? If I shouldn't ask here, where should I ask? Is there a Chinese-language forum? (18 Dec '12, 23:49) jun

Can you please repeat the question about installing the filter? There is no Chinese version of this site. I suggest asking in English (ask a colleague of yours), as Google Translate adds some errors, which makes communication somewhat hard. (19 Dec '12, 00:27) Kurt Knochner ♦
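The byte arithmetic in the capture filter above, worked through in Python on constructed packets. This is an added example, not part of the original thread; the function names and sample packets are made up for illustration. It shows why the expression drops empty ACK segments and why a port-based capture filter misses HTTP requests sent to other ports.

```python
import struct

def build_packet(sport, dport, payload=b"", tcp_options=b""):
    """Constructed sample: minimal IPv4 + TCP packet (checksums left at 0)."""
    tcp_hdr_len = 20 + len(tcp_options)          # options must be a multiple of 4 bytes
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1,
                      (tcp_hdr_len // 4) << 4, 0x18, 65535, 0, 0) + tcp_options
    total_len = 20 + len(tcp) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return ip + tcp + payload

def tcp_payload_len(pkt):
    """The arithmetic from the capture filter, applied to raw IPv4 bytes."""
    ip_total = struct.unpack("!H", pkt[2:4])[0]  # ip[2:2]          total length
    ip_hdr = (pkt[0] & 0x0F) << 2                # (ip[0]&0xf)<<2   IP header bytes
    tcp_hdr = (pkt[ip_hdr + 12] & 0xF0) >> 2     # (tcp[12]&0xf0)>>2 TCP header bytes
    return ip_total - ip_hdr - tcp_hdr

def matches_capture_filter(pkt, port=80):
    """Equivalent of: tcp port <port> and (payload length != 0)."""
    ip_hdr = (pkt[0] & 0x0F) << 2
    sport, dport = struct.unpack("!HH", pkt[ip_hdr:ip_hdr + 4])
    return pkt[9] == 6 and port in (sport, dport) and tcp_payload_len(pkt) != 0

def request_method(pkt):
    """Simplified, port-independent stand-in for the http.request.method test.
    Wireshark's HTTP dissector does far more than this prefix check."""
    ip_hdr = (pkt[0] & 0x0F) << 2
    payload = pkt[ip_hdr + ((pkt[ip_hdr + 12] & 0xF0) >> 2):]
    for method in (b"GET ", b"HEAD "):
        if payload.startswith(method):
            return method.strip().decode()
    return None

# Constructed sample traffic
REQUEST = b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"
TIMESTAMP_OPT = b"\x01\x01\x08\x0a" + bytes(8)   # NOP, NOP, 10-byte timestamp option
BARE_ACK = build_packet(51000, 80)
GET_80 = build_packet(51000, 80, REQUEST)
GET_8080 = build_packet(51000, 8080, REQUEST, TIMESTAMP_OPT)

if __name__ == "__main__":
    for name, pkt in (("ack", BARE_ACK), ("get:80", GET_80), ("get:8080", GET_8080)):
        print(name, tcp_payload_len(pkt), matches_capture_filter(pkt), request_method(pkt))
```

The request to port 8080 is rejected by the port 80 capture filter even though its payload is an HTTP GET, which is the case raised in the comment on the first answer.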
Sounds like a display filter versus capture filter question.