Filter on mac and ip address
Hi all,
I'm pretty new to Wireshark, I'm trying to filter out all packet for a specific ip and from a specific mac. My filter:
not (eth.src == 00:50:56:b7:8d:f8) && ip.dst==172.22.21.195
As result I see all packet from 00:50:56:b7:8d:f8 and destinated to 172.22.21.195
Do you mean "filter out all packets sent to a specific IP address from a specific MAC address", i.e. "all packets with this IP destination and this MAC source), or "filter out all packets sent to a specific IP address and all packets from a specific MAC address", i.e. "all packets with this IP destination or this MAC source"?
Hi, i mean all packets with this IP destination and MAC source different from the specified
Do you mean that, if there's a packet that has 172.22.21.195 as its IP destination address and that has 00:50:56:b7:8d:f8 as its MAC source address, you wouldn't want to see it?
Or do you mean that both
and
Those aren't the same - the second one will filter out a packet from a MAC address of 00:50:56:b7:8d:f8 and an IP destination address of 172.22.21.100, but the first one ...(more)
Hi Harris, thanks for your help, I try to explain my use case better. I suppose to have a layer 2 problem, so i need to understand if there are packets that has source mac different from the one that I've specified and destination ip address equals for example to 172.21.21.21
If i found some packets at that conditions i've a problem, maybe now is more clear