Wednesday, May 6, 2015

Set of usefull filters with wireshark

I believe all the listed filters in the below will be usefull for everyone, as it did for me. These are mainly about short listing the number of packets to be looked at during a session of analyzing a packet capture file.

Filter out a given source ip range
!(ip.src >= 175.157.7.0 && ip.src <= 175.157.7.255)

Filter out a given destination ip range
!(ip.dst >= 175.157.7.0 && ip.dst <= 175.157.7.255)

Filter out both given source and destination ip ranges
!(ip.src >= 175.157.7.0 && ip.src <= 175.157.7.255) || !(ip.dst >= 175.157.7.0 && ip.dst <= 175.157.7.255)

Filter out Spanning-tree Protocol messages
!stp

Filter out loopback messages
!loop

Filter out the below IP range and the Spanning-tree Protocol messages
!(ip.src >= 175.157.7.0 && ip.src <= 175.157.7.255) || !(ip.dst >= 175.157.7.0 && ip.dst <= 175.157.7.255) && !stp

The format “ip.addr==175.157.7.0/24″ works now as well. That is a much cleaner solution.
!ip.addr==175.157.7.0/24 && !stp

0 comments: