上QQ阅读APP看书,第一时间看更新
Getting ready
The basic layer 4 filters are:
- port <port>: When the packet is a layer 4 protocol, such as TCP or UDP, this filter will capture packets to/from the port indicated in the identifier field
- dst port <port>: When the packet is a layer 4 protocol, such as TCP or UDP, this filter will capture packets to the destination port indicated in the identifier field
- src port <port>: When the packet is a layer 4 protocol, such as TCP or UDP, this filter will capture packets to the source port indicated in the identifier field
The port range matching filters are:
- tcp portrange <p1>-<p2> or udp portrange <p1>-<p2>: TCP or UDP packets in the port range of p1 to p2
- tcp src portrange <p1>-<p2> or udp src portrange <p1>-<p2>: TCP or UDP packets in the source port range of p1 to p2
- tcp dst portrange <p1>-<p2> or udp src portrange <p1>-<p2>: TCP or UDP packets in the destination port range of p1 to p2
In addition to these filters, the following TCP flags can be used:
- tcp-urg: Used for TCP urgent pointer flag
- tcp-rst: Used for TCP reset pointer flag
- tcp-ack: Used for TCP acknowledgment pointer flag
- tcp-syn: Used for TCP sync pointer flag
- tcp-psh: Used for TCP push pointer flag
- tcp-fin: Used for TCP finish pointer flag