This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

New to Wireshark. I want to use the tool to figure out what traffic is being sent over the internet. I already know what protocol I am looking for. So I want to create a filter for IP destination outside my LAN and protocol==TCP. How would I accomplish this?

Thanks in advance,

Bob

asked 06 Mar '15, 09:22

blentz


Display filter "tcp && !ip.dst==192.168.1.0/24" where 192.168.1.0/24 is your LAN subnet. Substitute your actual LAN address range.

answered 06 Mar '15, 09:47

Jim Aragon

Sorry, but I don't understand the 0/24 - what is that? My LAN subnet is 192.168.1.0-254

(09 Mar '15, 08:18) blentz

An IPv4 address is 32 bits (four bytes). The "/24" means we only care about the first 24 bits (the first three bytes). So "192.168.1.0/24" means any address that has 192.168.1 as the first three bytes. We don't care what the fourth byte is. So 192.168.1.0/24 is equivalent to 192.168.1.0-254.

(09 Mar '15, 09:46) Jim Aragon
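
The prefix comparison and the filter from the answer above, modelled in Python as an added example (not part of the original thread and not Wireshark's own code). The packet records, their field names and the helper names are constructed for illustration; the model assumes a packet with no IPv4 destination field passes the negated test.

```python
import ipaddress

def in_prefix(addr: str, cidr: str) -> bool:
    """Compare only the first N bits of addr with the network, as /N asks."""
    net_str, bits_str = cidr.split("/")
    bits = int(bits_str)
    mask = (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF  # /24 -> 0xFFFFFF00
    a = int(ipaddress.IPv4Address(addr))
    n = int(ipaddress.IPv4Address(net_str))
    return (a & mask) == (n & mask)

def filter_matches(pkt: dict, lan: str = "192.168.1.0/24") -> bool:
    """Model of the display filter: tcp && !ip.dst==<lan>."""
    is_tcp = pkt["proto"] == "tcp"
    dst = pkt.get("ip_dst")  # None: the packet carries no IPv4 destination
    dst_in_lan = dst is not None and in_prefix(dst, lan)
    return is_tcp and not dst_in_lan

# Constructed sample packets (hypothetical capture, not real traffic).
PACKETS = [
    {"no": 1, "proto": "tcp", "ip_dst": "192.168.1.20"},   # LAN host
    {"no": 2, "proto": "tcp", "ip_dst": "93.184.216.34"},  # outside the LAN
    {"no": 3, "proto": "udp", "ip_dst": "8.8.8.8"},        # outside, not TCP
    {"no": 4, "proto": "tcp", "ip_dst": "192.168.1.255"},  # same first 3 bytes
    {"no": 5, "proto": "tcp", "ip_dst": "192.168.2.7"},    # third byte differs
    {"no": 6, "proto": "tcp", "ip_dst": None},             # e.g. TCP over IPv6
]

def displayed(packets=PACKETS, lan="192.168.1.0/24"):
    """Packet numbers the modelled filter would leave on screen."""
    return [p["no"] for p in packets if filter_matches(p, lan)]

if __name__ == "__main__":
    print(displayed())
```
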