Let's Go!

How to write Sniff filters to monitor a specific IP and port:

2009-02-26 14:00:22 / Category: Journal

Monitoring a specific IP address and port with Sniff can be done with either
the Capture Filter or the Display Filter.

Add the following commands to one of these two settings:
include:remote:all:<the IP to monitor>
include:remote:all:<the port to monitor> 1000
I have tried this, and it worked.

Capture only the IP you specify and exclude all other IPs:
include:remote:tcp:192.168.1.47
exclude:remote:all:0.0.0.0-192.168.1.46
exclude:remote:all:192.168.1.48-999.999.999.999

------------------------------------------------

In the Display Filter:
//include:remote:tcp:1110
exclude:both:udp:1-65535
In the Capture Filter:
include:remote:tcp:202.108.33.32
//include:remote:tcp:1110

------------------------------------------------
Capture packets for a fixed IP:
include:remote:all:218.30.108.187
Capture packets for a specified port:
include:remote:all:89

------------------------------------------------


Original text from the help documentation:

Capture and Display Filters

 

Starting from version 1.10, you can filter unwanted TCP/IP activity during the capture process (Capture Filter), or when displaying the captured TCP/IP data (Display Filter).
For both filter types, you can add one or more filter strings (separated by spaces or CRLF) in the following syntax:

[include | exclude] : [local | remote | both] : [tcp | udp | tcpudp | icmp | all] : [IP Range | Ports Range]

Here are some examples that demonstrate how to create a filter string:

Notice: A single filter string must not include spaces!

Display only packets with remote tcp port 80 (Web sites):
include:remote:tcp:80
Display only packets with remote tcp port 80 (Web sites) and udp port 53 (DNS):
include:remote:tcp:80
include:remote:udp:53
Display only packets originated from the following IP address range: 192.168.0.1 - 192.168.0.100:
include:remote:all:192.168.0.1-192.168.0.100
Display only TCP and UDP packets that use the following port range: 53 - 139:
include:both:tcpudp:53-139
Filter most BitTorrent packets (port 6881):
exclude:both:tcpudp:6881
Filter all ICMP packets (Ping/Traceroute activity):
exclude:both:icmp
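
The checker below is an added example, not part of the original post or of the tool's help file: it lints filter strings against the syntax line quoted above, so that a string which can never match is caught before it goes into a Capture or Display Filter. Assumptions: keywords are lowercase as the help text spells them, IPv4 octets and ports must lie in their standard ranges, and `//` marks a disabled entry as in the post's own filter lists; the function names and the sample input are constructed for illustration.

```python
import ipaddress

FIELDS = (("action", {"include", "exclude"}),
          ("side", {"local", "remote", "both"}),
          ("protocol", {"tcp", "udp", "tcpudp", "icmp", "all"}))

def check_range(text):
    """Validate 'a' or 'a-b' as an IPv4 or port range; raise ValueError if bad."""
    low, sep, high = text.partition("-")
    high = high if sep else low
    if "." in text:
        lo, hi = ipaddress.IPv4Address(low), ipaddress.IPv4Address(high)
    else:
        lo, hi = int(low), int(high)
        if not (0 <= lo <= 65535 and 0 <= hi <= 65535):
            raise ValueError("port outside 0-65535")
    if lo > hi:
        raise ValueError("range start is above range end")

def lint_filter(token):
    """Return the problems in one filter string, per the help text's syntax line."""
    parts = token.split(":")
    if len(parts) not in (3, 4):
        return ["expected 3 or 4 colon-separated fields"]
    problems = [f"unknown {name} {value!r}"
                for value, (name, allowed) in zip(parts, FIELDS)
                if value not in allowed]
    if len(parts) == 4:
        try:
            check_range(parts[3])
        except ValueError as exc:
            problems.append(f"bad range {parts[3]!r}: {exc}")
    elif parts[2] != "icmp":
        problems.append("missing IP or port range")
    return problems

def lint_filters(text):
    """Split on whitespace (strings are separated by spaces or CRLF) and lint each."""
    tokens = [t for t in text.split() if not t.startswith("//")]  # assumption: '//' = disabled
    return {t: p for t in tokens if (p := lint_filter(t))}

# Constructed sample: stray space, misspelled protocol keyword, out-of-range octet.
SAMPLE = """include :remote:tcp:192.168.1.47
exclude:both:tcpupd:6881
exclude:remote:all:192.168.1.48-999.999.999.999
exclude:both:icmp"""

if __name__ == "__main__":
    print(lint_filters(SAMPLE))
```

Because filter strings are separated by whitespace, a stray space splits one string into two fragments, and the report lists each fragment as its own malformed entry.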

