WIRESHARK Packet Filtering | Protocol Filters

WIRESHARK Packet Filtering | Protocol Filters

Seyed Arshia Ahmadi Feizabadi Seyed Arshia Ahmadi Feizabadi

Seyed Arshia Ahmadi Feizabadi

Cyber Security Instructor | Owner of Feizabadi Cyber Solutions ( FeizaSec ) | Penetration Tester | THM Top1%

发布日期: 2023年12月7日
+ 关注

by Seyed Arshia Ahmadi Feizabadi

Protocol Filters

As mentioned in the previous article, Wireshark supports 3000 protocols and allows packet-level investigation by filtering the protocol fields. This task shows the creation and usage of filters against different protocol fields.?


IP Filters

IP filters help analysts filter the traffic according to the IP level information from the packets (Network layer of the OSI model). This is one of the most commonly used filters in Wireshark. These filters filter network-level information like IP addresses, version, time to live, type of service, flags, and checksum values.


The common filters are shown in the given table.

TCP and UDP Filters

TCP filters help analysts filter the traffic according to protocol-level information from the packets (Transport layer of the OSI model). These filters filter transport protocol level information like source and destination ports, sequence number, acknowledgement number, windows size, timestamps, flags, length and protocol errors.

领英推荐

Application Level Protocol Filters | HTTP and DNS

Application-level protocol filters help analysts filter the traffic according to application protocol level information from the packets (Application layer of the OSI model ). These filters filter application-specific information, like payload and linked data, depending on the protocol type.


Display Filter Expressions

As mentioned earlier, Wireshark has a built-in option (Display Filter Expression) that stores all supported protocol structures to help analysts create display filters. When an analyst can't recall the required filter for a specific protocol or is unsure about the assignable values for a filter, the Display Filter Expressions menu provides an easy-to-use display filter builder guide. It is available under the?"Analyse --> Display Filter Expression"?menu.


It is impossible to memorise all details of the display filters for each protocol. Each protocol can have different fields and can accept various types of values. The Display Filter Expressions menu shows all protocol fields, accepted value types (integer or string) and predefined values (if any). Note that it will take time and require practice to master creating filters and learning the protocol filter fields.


要查看或添加评论,请登录

Seyed Arshia Ahmadi Feizabadi的更多文章

社区洞察

其他会员也浏览了