many to many comparison [display private networks only]

I'm looking for the best way to do a many-to-many comparison in Wireshark. In this case I want to limit the display filter to only show internal-only traffic.


This way doesn't work:
(ip.src && ip.dst) == (192.168.0.0/16 || 172.16.0.0/12 || 10.0.0.0/8)

And while this other way works, it will become very difficult to read and manage once you start adding your individual exclusions from VPNs and add in your DMZ(s):
(ip.src == 192.168.0.0/16 || ip.src == 172.16.0.0/12 || ip.src == 10.0.0.0/8) && (ip.dst == 192.168.0.0/16 || ip.dst == 172.16.0.0/12 || ip.dst == 10.0.0.0/8)


Also, I know this specific case should probably be a capture filter instead; I'm just using this as an example to explore this question for display filters, since they're more widely used for a lot of things.

And a side question, how do I save a display filter expression for common use?
