I need help with Wireshark Capturing filtering syntax of two IPs, my IP and one more, any protocol.

asked 2019-05-25 09:12:31 +0000

Cougar

updated 2019-05-25 09:13:53 +0000

Hello, The title almost says it all. I would've thought this would be easy but to me it is not, I am no educated internet genesis. Here is an example of what I thought it should look like.

"ip == && ip =="

But of course that above does not work! Protocol does not matter, just those two IPs. Here is another one.

"ip == && domain"

The first IP would be mine, the second one would be of my choice, ip or www. I have searched this to death with no luck!


1 Answer


answered 2019-05-25 10:23:36 +0000

host and host

host and host

Please also check this reference for other details.



Thank you! That worked! I tried to add a 3rd ip, .com to that but it of course did not work. Is it possible to do 3 IPs, .com? The 3rd IP, .com is a DNS server. Again thank you!

Cougar ( 2019-05-25 13:29:07 +0000 )

That didn't work because there are two IP fields in a packet - source IP and destination IP. If you add a 3rd IP with the same AND clause, you demand all 3 IPs to be present in one packet.

So if you want to add 2nd destination, use this:

host and (host or host)

Packet_vlad ( 2019-05-25 14:29:14 +0000 )

Thank you! Thank you! Thank you! That has cleaned up my packets capturing, no more having to dig through those pcap files!

Cougar ( 2019-05-25 14:51:25 +0000 )

You're welcome!

Packet_vlad ( 2019-05-25 17:10:47 +0000 )
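
Added example, not part of the thread: a small Python model of the `host` / `and` / `or` / `not` subset of capture-filter syntax, run over constructed packets, showing why a third `host` joined with `and` matches nothing and why the parentheses in the last filter matter. The addresses are RFC 5737 documentation placeholders and `matches` / `capture` are hypothetical helper names; real capture filters are compiled by libpcap, not by this code.

```python
import re

# Constructed addresses (RFC 5737 documentation ranges), not from the thread.
ME, SITE, DNS, OTHER = "192.0.2.10", "198.51.100.20", "203.0.113.53", "203.0.113.99"
# Constructed packets as (source, destination) pairs.
PACKETS = [(ME, SITE), (SITE, ME), (ME, DNS), (DNS, ME), (ME, OTHER), (OTHER, DNS)]


def matches(expr, pkt):
    """Evaluate a filter limited to: host ADDR, and, or, not, parentheses."""
    toks = re.findall(r"[()]|[^\s()]+", expr)
    pos = 0

    def take():
        nonlocal pos
        if pos >= len(toks):
            raise ValueError("incomplete expression")
        pos += 1
        return toks[pos - 1]

    def term():
        tok = take()
        if tok == "not":
            return not term()
        if tok == "(":
            val = expression()
            if take() != ")":
                raise ValueError("expected ')'")
            return val
        if tok == "host":
            return take() in pkt  # host = source OR destination address
        raise ValueError(f"unexpected token {tok!r}")

    def expression():
        val = term()
        # pcap-filter: and/or have equal precedence and associate left to right.
        while pos < len(toks) and toks[pos] in ("and", "or"):
            op, rhs = take(), term()
            val = (val and rhs) if op == "and" else (val or rhs)
        return val

    result = expression()
    if pos != len(toks):
        raise ValueError("unexpected trailing tokens")
    return result


def capture(expr):
    """Return the constructed packets that the filter would keep."""
    return [p for p in PACKETS if matches(expr, p)]
```

Without the parentheses, `host A and host B or host C` groups as `(host A and host B) or host C`, so it also keeps traffic between the third address and any other machine.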
