New to wireshark. I want to use the tool to figure out what traffic is being sent over the internet. I already know what protocol i am looking for. So i want to create a filter for IP destination outside my LAN and protocol==TCP. How would i accomplish this? Thanks in advance, Bob asked 06 Mar '15, 09:22 blentz |
One Answer:
Display filter "tcp && !ip.dst==192.168.1.0/24" where 192.168.1.0/24 is your LAN subnet. Substitute your actual LAN address range. answered 06 Mar '15, 09:47 Jim Aragon |
sorry but i don't understand the 0/24 - what is that? My lan subnet is 192.168.1.0-254
An IPv4 address is 32 bits (four bytes). The "/24" means we only care about the first 24 bits (the first three bytes). So "192.168.1.0/24" means any address that has 192.168.1 as the first three bytes. We don't care what the fourth byte is. So 192.168.1.0/24 is equivalent to 192.168.1.0-254.