本文介绍了Wireshark:在GUI中按组播过滤的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

限时删除!!

使用Wireshark GUI中的Wireshark过滤器"字段,我想过滤捕获结果,以便仅显示多播数据包.

Using the Wireshark "Filter" field in the Wireshark GUI, I would like to filter capture results so that only multicast packets are shown.

我看过这篇文章,但不适用于GUI过滤器字段. 此Wireshark页面显示了如何过滤掉多播,但没有过滤所有 but 多播.

I've seen this post but that doesn't work for the GUI filter field. This Wireshark page shows how to filter out multicast, but not how to filter everything but multicast.

有人知道一个简单的语句可以做到这一点吗?

Does anyone know of a simple statement that will do this?

提前谢谢!

推荐答案

只需使用此(eth.dst[0] & 1)即可.组播流量由MAC地址的最高有效字节的最低有效位识别.如果为1,则为多播,如果为0,则为非.

Just use this (eth.dst[0] & 1) . Multicast traffic is recognized by the least significant bit of the most significant byte of the MAC address. If 1, multicast, if 0, not.

这篇关于Wireshark:在GUI中按组播过滤的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

1403页,肝出来的..

09-08 16:09