# Practical tips

##### General syntax

Comparison operators (Wireshark display filters):

```
==
!=
>
<
>=
<=
in
```

Logical operators:

```
&&   # AND
||   # OR
!    # NOT
```

Common qualifiers (tcpdump/BPF capture filters; the three qualifier kinds are type, dir and proto):

- type: host, net, port
- dir: src, dst
- proto: ip, tcp, udp, icmp (application protocols such as ftp or http are not capture-filter qualifiers; write `tcp port 21` / `tcp port 80` in a capture filter, and use `ftp` / `http` as a Wireshark display filter instead)

##### SIP

tcpdump

```shell
# Capture everything to/from the SIP trunk for six minutes: full packets (-s 0),
# no name resolution (-n), written to carrier.pcap for analysis in Wireshark
timeout 6m tcpdump -i eth0 host <sip-trunk-ip> -n -s 0 -vvvv -w carrier.pcap
```

Wireshark

- More SIP display-filter fields: [https://www.wireshark.org/docs/dfref/s/sip.html](https://www.wireshark.org/docs/dfref/s/sip.html)

Show only REGISTER transactions, filter: `sip.CSeq.method == REGISTER`. Because the CSeq header of a request is echoed in its responses, this matches both the REGISTER requests and their 401/403/200 responses, which is what you want when checking how registrations succeed or fail; use `sip.Method == REGISTER` to see only the requests.
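To see why the two filters differ, here is an added example (not part of the original page) that builds a small constructed pcap containing a SIP REGISTER exchange (401 challenge, Digest retry, 200 OK, an INVITE, and a second client refused with 403 three times), parses it with a minimal pcap/IPv4/UDP reader, and evaluates the equivalent of `sip.Method == REGISTER` versus `sip.CSeq.method == REGISTER`. It then tallies REGISTER outcomes per client the way you would when hunting for registration brute force in a trunk capture. The addresses, Call-IDs and credentials are made up; the parser assumes Ethernet link type, IPv4 without fragmentation, and SIP over UDP with non-compact headers.

```python
import struct
from collections import Counter, defaultdict

# Constructed addresses for the sample capture; not from any real deployment.
SERVER, CLIENT_A, CLIENT_B = "10.0.0.1", "10.0.0.5", "203.0.113.9"

def sip_msg(start_line, cseq, cseq_method, call_id, extra=""):
    """Minimal SIP message. Responses echo the request's CSeq, so sip.CSeq.method matches both."""
    return (f"{start_line}\r\nVia: SIP/2.0/UDP 10.0.0.5:5060\r\nCall-ID: {call_id}\r\n"
            f"CSeq: {cseq} {cseq_method}\r\n{extra}Content-Length: 0\r\n\r\n").encode()

def udp_frame(src_ip, dst_ip, payload, sport=5060, dport=5060):
    """Ethernet + IPv4 + UDP framing; MACs and checksums zeroed (enough to parse)."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes(int(o) for o in src_ip.split(".")), bytes(int(o) for o in dst_ip.split(".")))
    return bytes(12) + b"\x08\x00" + ip + udp

def build_pcap(frames):
    """Little-endian pcap file, link type 1 (Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(frame), len(frame)) + frame
    return out

def udp_payloads(pcap):
    """Yield (src_ip, dst_ip, payload) for every IPv4/UDP frame in the capture."""
    assert struct.unpack("<I", pcap[:4])[0] == 0xA1B2C3D4, "expected little-endian pcap"
    off = 24
    while off + 16 <= len(pcap):
        caplen = struct.unpack("<IIII", pcap[off:off + 16])[2]
        frame, off = pcap[off + 16:off + 16 + caplen], off + 16 + caplen
        if frame[12:14] != b"\x08\x00" or frame[23] != 17:   # not IPv4, or not UDP
            continue
        ihl = (frame[14] & 0x0F) * 4
        yield ".".join(map(str, frame[26:30])), ".".join(map(str, frame[30:34])), frame[14 + ihl + 8:]

def sip_fields(payload):
    """Return (request_method, status_code, cseq_method); one of the first two is None."""
    lines = payload.split(b"\r\n\r\n", 1)[0].decode("utf-8", "replace").split("\r\n")
    method = status = cseq_method = None
    if lines[0].startswith("SIP/2.0 "):
        status = int(lines[0].split()[1])
    else:
        method = lines[0].split()[0]
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "cseq":
            cseq_method = value.split()[-1]
    return method, status, cseq_method

def count_matches(pcap, field, value):
    """Packets matching `field == value`; field is sip.Method (request line only)
    or sip.CSeq.method (requests and their responses)."""
    hits = 0
    for _, _, payload in udp_payloads(pcap):
        method, _, cseq_method = sip_fields(payload)
        if (method if field == "sip.Method" else cseq_method) == value:
            hits += 1
    return hits

def register_outcomes(pcap):
    """Per client: challenged (401/407), ok (200) or rejected (other >= 400) REGISTER responses.
    Many rejections with no 200 from one client is a registration brute-force indicator."""
    outcomes = defaultdict(Counter)
    for _, dst, payload in udp_payloads(pcap):      # responses flow registrar -> client (dst)
        _, status, cseq_method = sip_fields(payload)
        if status is None or cseq_method != "REGISTER":
            continue
        if status in (401, 407):
            outcomes[dst]["challenged"] += 1
        elif status == 200:
            outcomes[dst]["ok"] += 1
        elif status >= 400:
            outcomes[dst]["rejected"] += 1
    return {client: dict(c) for client, c in outcomes.items()}

def build_sample_pcap():
    """Constructed traffic: A registers (401 challenge, then 200) and places a call;
    B is refused three times."""
    a, b = "reg-a@10.0.0.5", "reg-b@203.0.113.9"
    auth = 'Authorization: Digest username="alice", realm="pbx", nonce="n1", response="00"\r\n'
    frames = [
        udp_frame(CLIENT_A, SERVER, sip_msg("REGISTER sip:10.0.0.1 SIP/2.0", 1, "REGISTER", a)),
        udp_frame(SERVER, CLIENT_A, sip_msg("SIP/2.0 401 Unauthorized", 1, "REGISTER", a)),
        udp_frame(CLIENT_A, SERVER, sip_msg("REGISTER sip:10.0.0.1 SIP/2.0", 2, "REGISTER", a, auth)),
        udp_frame(SERVER, CLIENT_A, sip_msg("SIP/2.0 200 OK", 2, "REGISTER", a)),
        udp_frame(CLIENT_A, SERVER, sip_msg("INVITE sip:bob@10.0.0.1 SIP/2.0", 3, "INVITE", a)),
        udp_frame(SERVER, CLIENT_A, sip_msg("SIP/2.0 100 Trying", 3, "INVITE", a)),
    ]
    for n in range(1, 4):
        frames.append(udp_frame(CLIENT_B, SERVER, sip_msg("REGISTER sip:10.0.0.1 SIP/2.0", n, "REGISTER", b)))
        frames.append(udp_frame(SERVER, CLIENT_B, sip_msg("SIP/2.0 403 Forbidden", n, "REGISTER", b)))
    return build_pcap(frames)

SAMPLE_PCAP = build_sample_pcap()

if __name__ == "__main__":
    print("sip.Method == REGISTER      matches", count_matches(SAMPLE_PCAP, "sip.Method", "REGISTER"))
    print("sip.CSeq.method == REGISTER matches", count_matches(SAMPLE_PCAP, "sip.CSeq.method", "REGISTER"))
    print(register_outcomes(SAMPLE_PCAP))
```

On the sample capture `sip.Method == REGISTER` matches 5 packets (the requests only), while `sip.CSeq.method == REGISTER` matches 10 (requests plus their responses), and the per-client tally shows 10.0.0.5 challenged once then registered, and 203.0.113.9 rejected three times with no success. On a real `carrier.pcap` you would replace `SAMPLE_PCAP` with `open("carrier.pcap", "rb").read()`; the same logic applied with `tshark -Y 'sip.CSeq.method == REGISTER && sip.Status-Code >= 400'` gives the failed attempts directly.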

##### Other

Remote capture streamed into EtherApe

```bash
# Capture on the remote host and stream the raw pcap to a local EtherApe. The filter
# excludes the SSH session that carries the capture so it does not feed back on itself;
# -U flushes each packet as it is written instead of waiting for the output buffer to fill.
ssh root@192.168.0.1 tcpdump -n -U -i any -w- 'not \( port 22 and host 192.168.0.1 \)' | etherape -r-
```

##### Filter cheat sheets

[![wireshark_filter.jpeg](https://osslab.tw/uploads/images/gallery/2022-11/scaled-1680-/wireshark-filter.jpeg)](https://osslab.tw/uploads/images/gallery/2022-11/wireshark-filter.jpeg)

[![Wireshark.png](https://osslab.tw/uploads/images/gallery/2023-09/scaled-1680-/wireshark.png)](https://osslab.tw/uploads/images/gallery/2023-09/wireshark.png)

For Cybersecurity

[![wireshark_filters_for_cybersecurity.jpg](https://osslab.tw/uploads/images/gallery/2024-09/scaled-1680-/wireshark-filters-for-cybersecurity.jpg)](https://osslab.tw/uploads/images/gallery/2024-09/wireshark-filters-for-cybersecurity.jpg)