Tha*_*ers 19
假设它是http网站流量,试试吧 http.host contains ".com"
更好的是,试试吧 http.host matches "\.com$"
因为他们在网络主机上搜索,所以都不会要求DNS解析.
来自http://wiki.wireshark.org/DisplayFilters
The matches operator makes it possible to search for text in string fields
and byte sequences using a regular expression, using Perl regular expression
syntax. Note: Wireshark needs to be built with libpcre in order to be able to
use the matches operator.