Ask Your Question
0

I need help with Wireshark Capturing filtering syntax of two IPs, my IP and one more, any protocol.

asked 2019-05-25 09:12:31 +0000

Cougar gravatar image

updated 2019-05-25 09:13:53 +0000

Hello, The title almost says it all. I would've thought this would be easy but to me it is not, I am no educated internet genesis. Here is an example of what I thought it should look like.

"ip == 0.0.0.0 && ip == 0.0.0.0"

But of course that above does not work! Protocol does not matter, just those two IPs. Here is another one.

"ip == 0.0.0.0 && domain name.com"

The first IP would be mine, the second one would be of my choice, ip or www. I have searched this to death with no luck!

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted
0

answered 2019-05-25 10:23:36 +0000

host 1.1.1.1 and host 2.2.2.2

host 1.1.1.1 and host name.com

Please also check this reference for other details.

edit flag offensive delete link more

Comments

Thank you! That worked! I tried to add a 3rd ip, .com to that but it of course did not work. Is it possible to do 3 IPs, .com? The 3rd IP, .com is a DNS server. Again thank you!

Cougar gravatar imageCougar ( 2019-05-25 13:29:07 +0000 )edit
1

That did't work because there are two IP fields in a packet - source IP and destination IP. If you add 3rd IP with the same AND clause you demand all 3 IPs to be present in one packet.

So if you want to add 2nd destination, use this:

host 1.1.1.1 and (host name.com or host name1.com)
Packet_vlad gravatar imagePacket_vlad ( 2019-05-25 14:29:14 +0000 )edit

Thank you! Thank you! Thank you! That has cleaned up my packets capturing, no more having to did through those pcap files!

Cougar gravatar imageCougar ( 2019-05-25 14:51:25 +0000 )edit

You're welcome!

Packet_vlad gravatar imagePacket_vlad ( 2019-05-25 17:10:47 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2019-05-25 09:12:31 +0000

Seen: 37 times

Last updated: May 25