🦈
Wiresharkフィルタービルダー
Wiresharkディスプレイフィルターを作成します。
Filter Preview
Generated Filter
Protocol Field Reference
TCP ▼
| tcp.port | Source or destination port |
| tcp.srcport | Source port |
| tcp.dstport | Destination port |
| tcp.seq | Sequence number |
| tcp.ack | Acknowledgment number |
| tcp.flags.syn | SYN flag |
| tcp.flags.ack | ACK flag |
| tcp.flags.fin | FIN flag |
| tcp.flags.rst | RST flag |
| tcp.window_size | Window size |
IP ▼
| ip.addr | Source or destination IP |
| ip.src | Source IP address |
| ip.dst | Destination IP address |
| ip.proto | Protocol number |
| ip.ttl | Time to live |
| ip.len | Total length |
| ip.version | IP version (4 or 6) |
HTTP ▼
| http.request | HTTP request |
| http.response | HTTP response |
| http.method | Request method (GET, POST, etc) |
| http.host | Host header value |
| http.uri | Request URI |
| http.user_agent | User-Agent header |
| http.status_code | Response status code |
| http.content_type | Content-Type header |
DNS ▼
| dns.qry.name | Query name |
| dns.qry.type | Query type (A, AAAA, MX, etc) |
| dns.resp.name | Response name |
| dns.resp.addr | Response address |
| dns.flags.response | Is response flag |
UDP ▼
| udp.port | Source or destination port |
| udp.srcport | Source port |
| udp.dstport | Destination port |
| udp.length | UDP length |
| udp.checksum | Checksum value |
TLS/SSL ▼
| tls.handshake.type | Handshake type |
| tls.record.content_type | Record content type |
| tls.alert.level | Alert level |
| tls.alert.desc | Alert description |
When to Use Each
| Display Filter | BPF Capture Filter |
|---|---|
| Applied after capture | Applied during capture |
| More flexible (deep packet inspection) | Faster performance |
| Can filter on any dissected field | Limited to link-layer headers |
| Use for: protocol analysis | Use for: reducing capture size |
Common Display Filter Examples
| Filter | Description |
|---|---|
ip.addr == 192.168.1.1 | Traffic to/from IP |
tcp.port == 80 | HTTP traffic |
http.request | Only HTTP requests |
dns.qry.type == 1 | A record queries |
tcp.flags.syn == 1 | TCP SYN packets |
frame.len > 1000 | Large frames |
Common BPF Examples
| Filter | Description |
|---|---|
host 192.168.1.1 | Traffic to/from host |
net 10.0.0.0/24 | Network range |
port 80 | Port 80 traffic |
tcp port 443 | HTTPS only |
not port 22 | Exclude SSH |
icmp | Ping traffic only |
Related Tools
IP Subnet Planner
Calculate IPv4/IPv6 subnets and ranges.
Curl Studio
Parse and generate curl commands.
DNS Record Reference
Interactive reference for DNS record types with syntax, examples, and command builders.
Port Reference
Searchable IANA port database with security risk levels and protocol filters.