This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Add ip.addr to a pre-defined display filter quickly

0

Hey there,

I have a predefined filter which looks approximately like

((http or dns or sip) and ((ip.addr == 1.2.3.0/24) or (ip.addr == 2.3.4.0/24) or (dns contains "abcdef") or (dns contains "ddjdjdjd")))

Basically the IP ranges are SIP and config servers that are contacted. On the interface I'm tracing there will be a lot of clients that will try to do exactly what I'm filtering for, and thus I'd only like to have the traffic which matches this rule AND my own client IP address.

I have a button that applies this filter as a predefined display filter.

I then usually add the client IP (which I read from the client's UI or I see it appearing in the list, or both) by adding "AND ip.addr == clientip".

However, it would save me some minutes per day and maybe some hours per year if I could simply add the IP to the filter by performing a click on a packet from my client that appears in the trace.

I know there is "prepare filter" -> "and". But it will either (depending on what IP I selected) add "ip.dst" or "ip.src".

That will either hide away the packets coming back from the server or the ones that the client sent itself.

Is there an elegant way to solve this?

TL;DR: have a predefined filter that needs to be combined with "AND ip.addr == $selected-client-ip", how to do it easily?

asked 11 May '16, 14:09

aslmx

edited 11 May '16, 14:45

Jaap ♦


One Answer:

1

Go into preferences, select "Protocols", check "Display hidden protocol items".

Then go back to your capture and do the same "Prepare filter" -> "...and Selected" trick, but now use it on the previously hidden field ip.host.

answered 11 May '16, 14:48

Jaap ♦

Thanks. This is what I was looking for. What a pity it has been hidden so carefully...

(11 May '16, 23:07) aslmx
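
For captures that are already saved, the same "predefined filter AND client IP" combination can be scripted with tshark. This is an added example, not part of the original question or answer; the function names, the capture file name and the client address in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: command-line counterpart of appending
# "and ip.addr == <client>" to the predefined filter from the question.

# Predefined display filter as posted in the question (sample ranges/strings).
BASE_FILTER='(http or dns or sip) and ((ip.addr == 1.2.3.0/24) or (ip.addr == 2.3.4.0/24) or (dns contains "abcdef") or (dns contains "ddjdjdjd"))'

# is_ipv4: succeed only for a dotted quad with every octet in 0..255.
# Rejecting anything else keeps a pasted value from changing the filter logic.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split the address on dots into $1..$4
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# client_filter: print the base filter AND-ed with ip.addr == <client>.
# ip.addr matches source or destination, so both the client's packets and
# the servers' replies stay visible (unlike ip.src or ip.dst alone).
client_filter() {
    if ! is_ipv4 "$1"; then
        echo "not an IPv4 address: $1" >&2
        return 2
    fi
    printf '(%s) and (ip.addr == %s)\n' "$BASE_FILTER" "$1"
}

# trace_client <capture file> <client ip>: apply the combined filter.
trace_client() {
    filter=$(client_filter "$2") || return $?
    tshark -r "$1" -Y "$filter"
}

# Usage (constructed file name and address):
#   trace_client capture.pcapng 10.0.0.5
```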