Ask Your Question

How can I filter-out a range of IP Addresses belonging to a given subnet (and not the whole subnet)

asked 2019-03-14 12:37:26 +0000

Let's say I have a subnet defined as and that I want to discard any message originating from addresses through

How can I do that?

Documentation shows that operators <, <=, > and >= can be used with single-number values like frame.len but how can it be used with IP Addresses? Can they directly handle a IP Address in the format? Do we have to use the numerical value of the IP Address and compare it to a 32-bit number? If so, how should every field of the IP Address be mapped into that 32-bit number?

edit retag flag offensive close merge delete


If you want to discard packets originating from that IP address range, then it sounds like you'd be more interested in a capture filter than a Wireshark display filter. Is that the case?

cmaynard gravatar imagecmaynard ( 2019-03-14 16:49:41 +0000 )edit

1 Answer

Sort by ยป oldest newest most voted

answered 2019-03-14 15:16:52 +0000

grahamb gravatar image

Did you try it?

You can indeed use > et all on ip addresses directly, no need to convert to a number. I prefer to view my filter as to what should be filtered "in", so that's everything with a source address less than or greater than .123 giving:

ip.src < || ip.src >
edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools


Asked: 2019-03-14 12:37:26 +0000

Seen: 226 times

Last updated: Mar 14 '19