Show TCP traffic
tcp

Filter for TCP handshake requests
tcp.flags.ack == 0

Filter to confirm that the TCP handshake succeeded
tcp.flags.ack == 1

Filter for TCP connection requests
tcp.flags.ack == 0 and tcp.flags.syn == 1

Filter to confirm that sending completed after the three-way handshake
tcp.flags.fin == 1

Show traffic sent by a given IP
ip.src_host == 192.168.73.134

Show traffic sent from one IP to another
ip.src_host == 192.168.73.134 and ip.dst_host == 36.103.205.147
(ip.src_host == 192.168.73.134 and ip.dst_host == 36.103.205.147) or (ip.src_host == 36.103.205.147 and ip.dst_host == 192.168.73.134)
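
As an added example (not part of the original page), the Python sketch below evaluates the same flag and address conditions as the filters above on a constructed trace of one connection, to show which segments each filter selects. The ports, the trace and the helper names are assumptions for illustration, and `ip.src_host` is modelled as a plain address match.

```python
import socket
import struct

FIN, SYN, ACK = 0x01, 0x02, 0x10            # bits in byte 13 of the TCP header
A, B = "192.168.73.134", "36.103.205.147"   # the two hosts used on this page

def build(src, dst, sport, dport, flags):
    """Constructed IPv4 + TCP headers, 20 bytes each, checksums left at 0."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)
    return ip + tcp

def parse(pkt):
    """Return the fields the page's filters test, or None if not IPv4/TCP."""
    ihl = (pkt[0] & 0x0F) * 4 if pkt else 0
    if ihl < 20 or len(pkt) < ihl + 20 or pkt[0] >> 4 != 4 or pkt[9] != 6:
        return None
    flags = pkt[ihl + 13]
    return {"src": socket.inet_ntoa(pkt[12:16]), "dst": socket.inet_ntoa(pkt[16:20]),
            "syn": bool(flags & SYN), "ack": bool(flags & ACK), "fin": bool(flags & FIN)}

FILTERS = {  # Python equivalents of the display filters listed on this page
    "tcp.flags.ack == 0": lambda p: not p["ack"],
    "tcp.flags.ack == 1": lambda p: p["ack"],
    "tcp.flags.ack == 0 and tcp.flags.syn == 1": lambda p: not p["ack"] and p["syn"],
    "tcp.flags.fin == 1": lambda p: p["fin"],
    "ip.src_host == A": lambda p: p["src"] == A,
    "A -> B": lambda p: p["src"] == A and p["dst"] == B,
    "A <-> B": lambda p: {p["src"], p["dst"]} == {A, B},
}

# Constructed trace of one connection: handshake, one data segment, close.
TRACE = [
    build(A, B, 40000, 80, SYN),          # 0: connection request
    build(B, A, 80, 40000, SYN | ACK),    # 1: server reply
    build(A, B, 40000, 80, ACK),          # 2: handshake complete
    build(A, B, 40000, 80, ACK),          # 3: data segment (payload omitted)
    build(A, B, 40000, 80, FIN | ACK),    # 4: client closes
    build(B, A, 80, 40000, FIN | ACK),    # 5: server closes
]

def matches(name):
    """Indices of TRACE packets selected by the named filter."""
    return [i for i, raw in enumerate(TRACE) if (p := parse(raw)) and FILTERS[name](p)]

if __name__ == "__main__":
    for name in FILTERS:
        print(f"{name:45} -> {matches(name)}")
```

On this trace `tcp.flags.ack == 1` selects every segment after the initial SYN, and `tcp.flags.fin == 1` selects the two segments that close the connection.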
