This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Help with “NOT” display filter

0

Hello,

Sorry I'm a bit rusty and have tried a few expressions but I need to filter traffic on these 2 subnets but exclude IPs 192.168.138.33 and 192.168.138.34

ip.addr==192.168.138.0/24 || ip.addr==192.168.115.0/24 not ip.addr eq 192.168.138.34 not ip.addr eq 192.168.138.33

This above isn't working, what have I missed?

Thanks

asked 22 Sep '15, 04:22

gonzo's gravatar image

gonzo
6445
accept rate: 0%

The && operator (and some parentheses) as per Jim Aragon's answer.

(22 Sep '15, 15:01) Guy Harris ♦♦

One Answer:

1

(ip.addr==192.168.138.0/24 || ip.addr==192.168.115.0/24) && (not ip.addr==192.168.138.34 && not ip.addr==192.168.138.33)

The change from "eq" to "==" in the second part of the filter is strictly cosmetic, to agree with your use in the first part. Either version of the operator can be used interchangeably.

answered 22 Sep '15, 04:37

Jim%20Aragon's gravatar image

Jim Aragon
7.2k733118
accept rate: 24%