用Sniff 监听指定的IP和端口号的写法:
可以通过抓包过滤Capture Filer或者
显示过滤Display Filer实现
在其中的一个设置里增加如下命令即可:
include:remote:all:你要监听的IP
include:remote:all:你要监听的端口号 1000
我已经试验过了,是成功的
只抓自己指定的IP,将其他的IP全部排除在外
include :remote:tcp:192.168.1.47
exclude:remote:all:0.0.0.0-192.168.1.46
exclude:remote:all:192.168.1.48-999.999.999.999
------------------------------------------------
Display Filer里:
//include:remote:tcp:1110
exclude:both:udp:1-65535
Capture Filer里:
include:remote:tcp:202.108.33.32
//include:remote:tcp:1110
------------------------------------------------
抓固定IP的包:
include:remote:all:218.30.108.187
抓制定端口的包:
include:remote:all:89
------------------------------------------------
帮助文档原文:
Capture and Display Filters
Starting from version 1.10, you can filter unwanted TCP/IP activity during the capture process (Capture Filter), or when displaying the captured TCP/IP data (Display Filter).
For both filter types, you can add one or more filter strings (separated by spaces or CRLF) in the following syntax:
[include | exclude] : [local | remote | both] : [tcp | udp | tcpudp | icmp | all] : [IP Range | Ports Range]
Here's some examples that demonstrate how to create a filter string:
Notice: A single filter string must not include spaces !
Display only packets with remote tcp port 80 (Web sites):
include:remote:tcp:80
Display only packets with remote tcp port 80 (Web sites) and udp port 53 (DNS):
include:remote:tcp:80
include:remote:udp:53
Display only packets originated from the following IP address range: 192.168.0.1 192.168.0.100:
include:remote:all:192.168.0.1-192.168.0.100
Display only TCP and UDP packets that use the following port range: 53 - 139:
include:both:tcpudp:53-139
Filter most BitTorrent packets (port 6881):
exclude:both:tcpupd:6881
Filter all ICMP packets (Ping/Traceroute activity):
exclude:both:icmp
Notice: A single filter string must not include spaces !
