在练习写过滤表达式但是在网上看到教程这么些 我粘到我的 fliter 里面就不能使用不知如何修改
Capture only traffic to or from IP address 172.18.5.4:
        host 172.18.5.4
Capture non-HTTP and non-SMTP traffic on your server (both are equivalent):
             host www.example.com and not (port 80 or port 25)

              host www.example.com and not port 80 and not port 25

Capture except all ARP and DNS traffic:
         port not 53 and not arp

Capture traffic within a range of ports
     (tcp[2:2] > 1500 and tcp[2:2] < 1550) or (tcp[4:2] > 1500 and tcp[4:2] < 1550)

or, with newer versions of libpcap (0.9.1 and later):
        tcp portrange 1501-1549

Capture only Ethernet type EAPOL:
          ether proto 0x888e

Reject ethernet frames towards the Link Layer Discovery Protocol Multicast group:
not ether dst 01:80:c2:00:00:0e



谢谢

注意分清楚捕获过滤器和显示过滤器

你说的几个例子都适用于捕获过滤器 显示过滤器中写法不是这样的

例如，host 172.18.5.4在显示过滤器中为ip.addr == 172.18.5.4

呵呵,来坐坐沙发来了呀


























飞升之后最新章节

sorry 把这两个概念弄混了