Ask Your Question
0

Using ip.host matches "^10\." doesn't recognize \. as a period [closed]

asked 2021-07-27 17:28:22 +0000

I'm trying to filter Ip addresses by certain parts. For example, I want to get all Ip addresses where the first octet is 10. The problem is that when I try ip.host matches "^10." its also brings up all addresses that start with 100-109. For example, if I was searching using ip.host matches "^10." and would bring up 10.0.0.1, but it might also bring up 104.0.0.1. The desired result would be for it to only bring up addresses that have 10 in the first octet.

How do I get the desired result?

edit retag flag offensive reopen merge delete

Closed for the following reason the question is answered, right answer was accepted by valerie.lidiak
close date 2021-07-27 17:48:30.012999

1 Answer

Sort by ยป oldest newest most voted
2

answered 2021-07-27 17:36:02 +0000

Chuckc gravatar image

updated 2021-07-27 17:38:10 +0000

There are examples of this in the Wireshark User's Guide:

http.host matches "acme\\.(org|com|net)"
The display filter above matches HTTP packets where the HOST header contains acme.org, acme.com, or acme.net. Comparisons are case-insensitive.

WSUG: 6.4.2. Comparing Values
"Another common pitfall is using . instead of \. in a regular expression. The former will match any character (the backslash is superfluous) while the latter will match a literal dot."

Try: ip.host matches "^10\\."

(xkcd 1638: Backslashes)

edit flag offensive delete link more

Comments

Thank you! I completely missed that

valerie.lidiak gravatar imagevalerie.lidiak ( 2021-07-27 17:47:46 +0000 )edit

Question Tools

Stats

Asked: 2021-07-27 17:28:22 +0000

Seen: 560 times

Last updated: Jul 27 '21