For example, when connecting to 192.168.5.254 from 192.168.5.22, `ip.addr != 192.168.5.22` doesn't match the `*.22` IP, it matches `*.254`, and thus the packet matches the filter expression. Here's a complete example to filter http as well:

`not ip.addr == 192.168.5.22 and not tcp.dstport == 80`

I can successfully filter for two IPs, `ip.addr==x.x.x.x & ip.addr==y.y.y.y`.

`tcp.dstport != 80` suffers from a similar problem; having `tcp.dstport != 80` turns out to mean "match ONLY tcp traffic, but only tcp that is not dstport == 80".

Whether `host 172.16.10.202`, which is a capture filter, or `ip.addr == 172.16.10.202`, which is a display filter, is accepted as a filter depends only on where you specify the filter.

But trying to filter the display so that it shows three IPs results in the majority of the capture being displayed.

While not strictly your question, I prefer to do filtering in the capture filter (double click the interface name in the capture-options dialog), whose syntax is exactly like tcpdump. It makes the capture take less memory and disk by avoiding capturing packets you're telling it to ignore. The downside is those packets are not captured if you later want to inspect them, and you can't change the filter selected this way during a capture session.

For example, to keep from capturing http and ssh traffic to/from any host and any packets to or from 192.168.5.22:

`not host 192.168.5.22 and not port 80 and not port 22`

If you only wanted to filter http traffic to and from that host, you could do this: not (host 192.168.5.
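
The difference between `ip.addr != 192.168.5.22` and `not ip.addr == 192.168.5.22` described above, modelled in Python as an added example (not code from the original page or from Wireshark). The helper names and the sample packets are constructed for illustration; `ne_any` implements the any-value behaviour the text describes.

```python
# Toy model of display-filter matching on multi-valued fields (not Wireshark code).
# A packet is a dict mapping a field name to every value that field takes;
# ip.addr carries both the source and the destination address.

def eq(pkt, field, value):
    """field == value: true if ANY occurrence of the field equals value."""
    return any(v == value for v in pkt.get(field, []))

def ne_any(pkt, field, value):
    """field != value as the text describes it: true if ANY occurrence differs.
    A packet that lacks the field has no occurrence, so this is false."""
    return any(v != value for v in pkt.get(field, []))

def not_eq(pkt, field, value):
    """not field == value: true only if NO occurrence equals value."""
    return not eq(pkt, field, value)

def packet(src, dst, proto, dport):
    """Build a constructed sample packet."""
    return {"ip.addr": [src, dst], f"{proto}.dstport": [dport]}

# Constructed sample traffic, using the addresses from the text.
SAMPLE = {
    "22 -> 254 http": packet("192.168.5.22", "192.168.5.254", "tcp", 80),
    "22 -> 254 ssh": packet("192.168.5.22", "192.168.5.254", "tcp", 22),
    "10 -> 254 http": packet("192.168.5.10", "192.168.5.254", "tcp", 80),
    "10 -> 254 ssh": packet("192.168.5.10", "192.168.5.254", "tcp", 22),
    "10 -> 254 dns": packet("192.168.5.10", "192.168.5.254", "udp", 53),
}

def shown(predicate):
    """Names of the sample packets a filter predicate would display."""
    return [name for name, pkt in SAMPLE.items() if predicate(pkt)]

HOST = "192.168.5.22"

def leaky(pkt):      # ip.addr != 192.168.5.22
    return ne_any(pkt, "ip.addr", HOST)

def tcp_only(pkt):   # tcp.dstport != 80
    return ne_any(pkt, "tcp.dstport", 80)

def intended(pkt):   # not ip.addr == 192.168.5.22 and not tcp.dstport == 80
    return not_eq(pkt, "ip.addr", HOST) and not_eq(pkt, "tcp.dstport", 80)

if __name__ == "__main__":
    for label, pred in [("leaky", leaky), ("tcp_only", tcp_only), ("intended", intended)]:
        print(f"{label:9} {shown(pred)}")
```

Wireshark 3.6 changed `!=` on multi-value fields such as `ip.addr` to require that all values differ, so the `leaky` result reflects the earlier behaviour the text describes.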