Packet sniffer: Difference between revisions
Jump to navigation
Jump to search
mNo edit summary |
|||
| Line 7: | Line 7: | ||
Filter at Wireshark 1.6.5 | Filter at Wireshark 1.6.5 | ||
* full request URI: ex: {{kbd | key=ip.dst == 127.0.0.1 and http.request.uri matches "upload2/letsgo.mp4" }} (where the domain www.example.com was mapping to IP: 127.0.0.1) ok | * full request URI: ex: {{kbd | key=ip.dst == 127.0.0.1 and http.request.uri matches "upload2/letsgo.mp4" }} (where the domain www.example.com was mapping to IP: 127.0.0.1) ok | ||
* partial URI path: ex: {{kbd | key=http.request.uri matches "/folder/file.mp4"}}, {{kbd | key=http.request.uri matches "file.mp4"}}, {{kbd | key=http.request.uri matches "mp4"}} ok | * partial URI path: | ||
** ex: {{kbd | key=http.request.uri matches "/folder/file.mp4"}}, {{kbd | key=http.request.uri matches "file.mp4"}}, {{kbd | key=http.request.uri matches "mp4"}} ok | |||
** ex: {{kbd | key=tcp and ip.src== 127.0.0.1 }} | |||
* wildcat: ex: {{kbd | key=http.request.uri matches "*.mp4" }} not work {{exclaim}} | * wildcat: ex: {{kbd | key=http.request.uri matches "*.mp4" }} not work {{exclaim}} | ||
Revision as of 11:26, 17 May 2013
case: try to find mp4 file
keyword filter at URL Snooper v.2.30.01
- full request URI: ex: http://www.example.com/folder/file.mp4 ok
- partial URI path: ex: /folder/file.mp4, file.mp4, mp4 ok
- wildcat: ex: *.mp4 not work
Filter at Wireshark 1.6.5
- full request URI: ex: ip.dst == 127.0.0.1 and http.request.uri matches "upload2/letsgo.mp4" (where the domain www.example.com was mapping to IP: 127.0.0.1) ok
- partial URI path:
- ex: http.request.uri matches "/folder/file.mp4", http.request.uri matches "file.mp4", http.request.uri matches "mp4" ok
- ex: tcp and ip.src== 127.0.0.1
- wildcat: ex: http.request.uri matches "*.mp4" not work
software list
URL Snooper v.2.30.01
- live sniffer: ok
- save as file: n/a
- time stamp: n/a
Wireshark 1.6.8
- live sniffer: ok
- save as file: ok
- time stamp: ok
reference
resources