I'm looking for the syntax to do a capture filter on WireShark, by capturing the traffic on several (specific) IP addresses. I understand how to capture a range, and an individual IP address. However, the application I am capturing on is spread of a 'bucket' of IP addresses/servers, of which other applications are based within the same range. See my example: ECommerce App Servers: 192.168.1.2, 192.168.1.3, 192.168.1.4. - This is what I want to capture on (filtered on these exact IPs) I have tried 'host 192.168.1.2 host 192.168.1.3' etc. There are other applications within this range, e.g. PayRoll App is on 192.168.1.5, and I don't want to see any of this in my capture. Therefore 'net 192.168.1.0/24' to capture the whole range will not work for me. an anyone provide me the syntax? Is it even possible? asked 13 Jun '11, 08:08  scankified |
One Answer:
Yes, you can use the capture filter: Or even shorter: If you want to capture a whole subnet, but one IP, you can use: Hope this helps! answered 13 Jun '11, 08:14  SYN-bit ♦♦ edited 13 Jun '11, 10:37 |
This codes not working host ip and others I using a 1.12.8 version
What's not working? Note you should really raise your own question, not piggy back on another, and in it show the exact filter that doesn't work for you