
Why is ip == anything a valid filter, and what does it mean?

Why are filters like ip == anything, ipv6 == anything, tcp == anything, http == anything, etc., any_protocol == anything, valid? What do they represent, and is there any use case for these filters?

Dragos
asked 2021-02-19 14:49:20 +0000

1 Answer


You can use such filters to match the packet bytes, if you wish. For example:

tcp == e1:90:1f:90:c0:99:3f:0f:5b:f7:83:25:50:10:04:02:e1:eb:00:00

How useful is that? I don't know. Wireshark merely provides you with the ability to filter just about anything you want, but it's up to the user to decide what's useful or not. Other filters besides equality might be more useful though, for example:

dns contains "wireshark"
cmaynard
answered 2021-02-19 17:39:24 +0000
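
An added example, not part of the original answer: decoding the 20 bytes from the `tcp ==` filter above as a standard TCP header shows which fields an exact byte match pins down (ports, sequence and acknowledgment numbers, flags, window, checksum). The function names are this example's own, and `to_filter` only reproduces the colon-separated notation used in the answer.

```python
import struct

# Byte string copied from the tcp == filter in the answer above.
FILTER_BYTES = "e1:90:1f:90:c0:99:3f:0f:5b:f7:83:25:50:10:04:02:e1:eb:00:00"

# Flag bits of the TCP flags byte, least significant bit first.
FLAG_NAMES = ["FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECE", "CWR"]


def parse_filter_bytes(text):
    """Turn colon-separated hex octets into raw bytes."""
    return bytes(int(octet, 16) for octet in text.split(":"))


def decode_tcp_header(raw):
    """Decode the fixed 20-byte part of a TCP header (RFC 793 layout)."""
    if len(raw) < 20:
        raise ValueError("a TCP header is at least 20 bytes")
    (sport, dport, seq, ack, off_byte, flag_byte,
     window, checksum, urgent) = struct.unpack("!HHIIBBHHH", raw[:20])
    header_len = (off_byte >> 4) * 4  # data offset is counted in 32-bit words
    if header_len < 20:
        raise ValueError("data offset smaller than the minimum header")
    flags = [n for bit, n in enumerate(FLAG_NAMES) if flag_byte & (1 << bit)]
    return {
        "src_port": sport,
        "dst_port": dport,
        "seq": seq,
        "ack": ack,
        "header_len": header_len,
        "options_len": header_len - 20,
        "flags": flags,
        "window": window,
        "checksum": checksum,
        "urgent": urgent,
    }


def to_filter(raw, proto="tcp"):
    """Rebuild the equality filter text in the notation used above."""
    return proto + " == " + ":".join(f"{b:02x}" for b in raw)


if __name__ == "__main__":
    header = parse_filter_bytes(FILTER_BYTES)
    for field, value in decode_tcp_header(header).items():
        print(f"{field:12} {value}")
    print(to_filter(header))
```

The bytes describe a bare ACK segment with no options, and because the sequence number, acknowledgment number and checksum are all part of the compared bytes, the equality is tied to that one segment's exact header.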