double click option under Capture to choose a network interface
as ethernet or wifi
as soon as click, wireshark will start to capture all package send to or from current local host
promisicuous mode --enable by default, will capture all other packages from interface, which may not address at local host, just pass by Capture->Options
filter
if(filter is green):
it's valid expression
else:
invalid
tcp.port == 80
ip.dst == 192.168.1.1
ip.src == 192.168.1.1
tcp
ip
http or ip
not ip
http contains "200 OK"
网友评论