Hey, I haven't been able to get this filter to work. Im trying to use multiple IP ranges. 4 of them. I have been trying to use net Ex. net 192.168.0.0/88 but I want to use multiple at one time (net 192.168.0.0/88 and net 192.168.1.0/99 and net 192.168.2.0/77 and net 192.168.3.066) I have tried (net 192.168.0.0/88) and (net 192.168.1.0/99) and (net 192.168.2.0/77) and (net 192.168.3.066) What am I missing? asked 21 Mar '11, 08:12  hmacken |
2 Answers:
Just as Joke has said, you need to use "or" instead of "and" to collect packets from one of the given subnets. Regarding the subnet masks, what are the subnets exactly, as 192.168.0.0/88 is indeed an invalid notation. There are only 32 bits in an IPv4 address, so having a network mask of 88 bits is not possible. If you would like to collect packets for all 4 C-class subnets, you will have to use: Which of course can be shortened to If you only need parts of these subnets, for instance only the first 16 ip addresses of each subnet, you can use: answered 21 Mar '11, 09:49  SYN-bit ♦♦ |
Use or instead of and: answered 21 Mar '11, 08:50  joke Invalid capture filter: "net IP or net IP or net IP or net IP" That string isnt a valid capture filter (mask length must be <=32) Any ideas? (21 Mar '11, 09:33) hmacken |
I suppose I was reading the wiki incorrect then. im looking for a capture string for something like this
• 10.24.19.75 thru .87 • 10.22.20.77 thru .90
Any help here?
BPF syntax does not have a range for IP addresses, just hosts and (sub)nets. You will have to break up the ip-address range into a set of subnets and hosts.