Ask Your Question
0

How can I filter-out a range of IP Addresses belonging to a given subnet (and not the whole subnet)

asked 2019-03-14 12:37:26 +0000

Let's say I have a subnet defined as 10.223.105.0/24 and that I want to discard any message originating from addresses 10.223.105.17 through 10.223.105.123.

How can I do that?

Documentation shows that operators <, <=, > and >= can be used with single-number values like frame.len but how can it be used with IP Addresses? Can they directly handle a IP Address in the 10.223.105.22 format? Do we have to use the numerical value of the IP Address and compare it to a 32-bit number? If so, how should every field of the IP Address be mapped into that 32-bit number?

edit retag flag offensive close merge delete

Comments

If you want to discard packets originating from that IP address range, then it sounds like you'd be more interested in a capture filter than a Wireshark display filter. Is that the case?

cmaynard gravatar imagecmaynard ( 2019-03-14 16:49:41 +0000 )edit

1 Answer

Sort by ยป oldest newest most voted
0

answered 2019-03-14 15:16:52 +0000

grahamb gravatar image

Did you try it?

You can indeed use > et all on ip addresses directly, no need to convert to a number. I prefer to view my filter as to what should be filtered "in", so that's everything with a source address less than 10.223.105.17 or greater than .123 giving:

ip.src < 10.223.105.17 || ip.src > 10.223.105.123
edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

Stats

Asked: 2019-03-14 12:37:26 +0000

Seen: 259 times

Last updated: Mar 14 '19