Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

answered 2022-10-19 14:06:53 +0000

SYN-bit gravatar image

At first I thought you meant to capture only traffic between 10.86.50.153 and 10.86.50.152. But your comment to the other answer invalidates that assumption :-)

Do I understand you correctly that you want to capture:

  • All traffic to/from the host with IP address 10.86.50.152 and also
  • All traffic to/from the host with IP address 10.86.50.153?

In that case you can use the filter (host 10.86.50.152 or host 10.86.50.153) and port 445

... or even shorter, as both addresses form a clean /31 'subnet': net 10.86.50.152/31 and port 445

If this does not work, could you please elaborate on which IP combinations you do want to capture and which IP combinations you don't want to capture?