This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Capture Filter Multiple IP Addresses

0

Hello,

I need to capture all the traffic from 12 IP addresses. I am using WS1.8 and running on Windows 2003. These are all on an internal network with 4 separate sub-nets (10.128.12.xx, 10.128.80.xx, 10.128.56.xx, 10.128.20.xx). On the first sub-net, I need to specify 2 IPs directly, on the remaining sub-nets I could grab all the traffic from the sub-net.

I have tried to enter them as by stringing together "host 10.128.xx.xx and host 10.128.xx.xx ...." but there seems to be too many.

I have tried net 10.128.xx.xx/x but the dialog remains red.

Thank you in advance for any help!

Ron

asked 08 May '13, 06:34

Mechron's gravatar image

Mechron
11112
accept rate: 0%


One Answer:

4

I have tried to enter them as by stringing together "host 10.128.xx.xx and host 10.128.xx.xx ...." but there seems to be too many.

you can't use and as that will only capture packets where all conditions are fulfilled, which will never be the case (think about the src ip and dst ip of a packet!).

Please use or instead.

If you want to capture a whole network, your must use net instead of host

net 10.128.0.0/24 or net 10.129.0.0/24 or host 10.1.2.3 or host 10.2.3.4

Regards
Kurt

answered 08 May '13, 07:06

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
24.8k1039237
accept rate: 15%

edited 08 May '13, 14:06