Is it possible to filter for a continuous range of ports?

Let's say I want to filter traffic on a range of ports like , e.g 21100 to 21299

Is it possible to specify a range in the filter?


2 Answers

You didn't specify if you wanted a capture filter or Wireshark display filter, but it's possible either way, albeit with different syntax.

For the capture filter, you can use portrange 21100-21299, and you can refer to the pcap-filter man page for more information on capture filters.

For the display filter, you'd use something like tcp.port >= 21100 && tcp.port <= 21299, and keep in mind here that port in this context refers to either the source port or the destination port. Alternatively, and more succinctly, you could use the membership operator as in, tcp.port in {21100 .. 21299}.

NOTE: Replace tcp with udp if that's the transport applicable for your use case.

For more information on Wireshark display filters, refer to the wireshark-filter man page.

Thanks much!

Display filter: tcp.port in {443 4430..4434} (Membership Operator in User's Guide)

Capture filter: portrange 1-1000 (See portrange in pcap-filter man page)

I guess I'm too slow typing and linking. Once again you posted your answer while I was still constructing mine. I wish Ask would warn me when this happens.

The more, good information the better. :-)

Chuckc is a machine :-)

