Configuring compound filters
Structure filters are simply made for writing filters out of several conditions. It uses simple conditions, such as not, and, and or for creating structured conditions.
Getting ready
Structured filters are written in the following format:
[not] primitive [and|or [not] primitive ...]
The following modifiers are commonly used in the Wireshark capture filters:
!ornot&&orand||oror
How to do it...
To configure structured filters, you simply write the conditions according to what we learned in the previous recipes, with conditions to meet your requirements.
Some common filters are:
- For capturing only unicast packets, configure
not broadcast and not multicast. - For capturing HTTP packets to www.youtube.com, configure
host www.youtube.com ...
Get Network Analysis Using Wireshark Cookbook now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
