I believe all the listed filters in the below will be usefull for everyone, as it did for me. These are mainly about short listing the number of packets to be looked at during a session of analyzing a packet capture file.
Filter out a given source ip range
!(ip.src >= 175.157.7.0 && ip.src <= 175.157.7.255)
Filter out a given destination ip range
!(ip.dst >= 175.157.7.0 && ip.dst <= 175.157.7.255)
Filter out both given source and destination ip ranges
!(ip.src >= 175.157.7.0 && ip.src <= 175.157.7.255) || !(ip.dst >= 175.157.7.0 && ip.dst <= 175.157.7.255)
Filter out Spanning-tree Protocol messages
!stp
Filter out loopback messages
!loop
Filter out the below IP range and the Spanning-tree Protocol messages
!(ip.src >= 175.157.7.0 && ip.src <= 175.157.7.255) || !(ip.dst >= 175.157.7.0 && ip.dst <= 175.157.7.255) && !stp
The format “ip.addr==175.157.7.0/24″ works now as well. That is a much cleaner solution.
!ip.addr==175.157.7.0/24 && !stp
Filter out a given source ip range
!(ip.src >= 175.157.7.0 && ip.src <= 175.157.7.255)
Filter out a given destination ip range
!(ip.dst >= 175.157.7.0 && ip.dst <= 175.157.7.255)
Filter out both given source and destination ip ranges
!(ip.src >= 175.157.7.0 && ip.src <= 175.157.7.255) || !(ip.dst >= 175.157.7.0 && ip.dst <= 175.157.7.255)
Filter out Spanning-tree Protocol messages
!stp
Filter out loopback messages
!loop
Filter out the below IP range and the Spanning-tree Protocol messages
!(ip.src >= 175.157.7.0 && ip.src <= 175.157.7.255) || !(ip.dst >= 175.157.7.0 && ip.dst <= 175.157.7.255) && !stp
The format “ip.addr==175.157.7.0/24″ works now as well. That is a much cleaner solution.
!ip.addr==175.157.7.0/24 && !stp