Microsoft Network Monitor抓包过滤http包 |
您所在的位置:网站首页 › microsoft network monitor 34 › Microsoft Network Monitor抓包过滤http包 |
过滤所有http协议包 HTTP 局域网内直接使用"http"过滤有可能出现很多sddp数据包,因此可以使用以下过滤条件过滤更纯净的http数据包: HTTP and tcp ProtocolName == "HTTP" 过滤HTTP请求方法 HTTP.Request.Command == "GET"//过滤http get请求包HTTP.Request.Command == "POST"//过滤http post请求包 过滤UserAgent HTTP.Request.HeaderFields.UserAgent == "Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.89 Safari/537.1″ 过滤HTTP头中host字段值为blog.lishewen.com的包 HTTP.Request.HeaderFields.Host == "blog.lishewen.com" 过滤http头中的cookie字段 HTTP.Request.HeaderFields.Cookie == "k2=v2; k1=v1″ 过滤HTTP响应的状态码 HTTP.Response.StatusCode == "200″ //过滤状态码是200的http包 过滤HTTP响应中的ContentLength HTTP.Response.HeaderFields.ContentLength == "48414536″ 过滤http请求中的Connection HTTP.Request.HeaderFields.Connection == "Close" HTTP.Request.HeaderFields.DefaultName == "no-cache" //过滤"cache-control:no-cache"的包 HTTP.Request.HeaderFields.DefaultName == "blog.lishewen.com" //过滤referer是www.6san.com的包 HTTP.Request.HeaderFields.DefaultName == "bytes=38715392-48414535″ //过滤HTTP请求头中的Range: bytes=29032448-38731775 HTTP.Response.HeaderFields.DefaultName == "bytes 38715392-48414535/48414536″ //HTTP响应头中的Range HTTP.Request.HeaderFields.DefaultName == "*/*"//过滤http头中的Accept: */* HTTP.Response.HeaderFields.Server == "nginx/1.2.4″ //过滤http响应头Server: nginx/1.2.4 HTTP.Request.HeaderFields.ProxyAuthorization 不写对应的值表示过滤所有含有该HTTP头的HTTP包 HTTP.Request.HeaderFields.Cookie //过滤所有HTTP头中包含cookie字段的HTTP包 |
CopyRight 2018-2019 办公设备维修网 版权所有 豫ICP备15022753号-3 |