This is a static archive of our old Q&A Site. Please post any new questions and answers at

how to add ip and port source and ip port destination for filter?


how to add ip and port source and ip port destination for filter?

How to monitoring sorce Ip and port /destination ip and port for filter in wireshark?

asked 09 Jun '16, 07:50

anderson_araujo's gravatar image

accept rate: 0%

Is this for a capture filter or a display filter?

Have you looked at the user guide sections on filtering when capturing and filtering when viewing?

What have you tried?

(09 Jun '16, 08:11) grahamb ♦

I need to monitor the response time of several communications from a server. Requests from other applications on other servers And requests within the own server

How do I add the monitoring processes?

Localhost = server1

localhost for server2 and port localhost for server3 and port

localhost port 9443 for localhost port 9444 localhost port 9444 for localhost port 9443

(09 Jun '16, 08:25) anderson_araujo

One Answer:


I think you'll have some reading to do:

What you're looking at is creating (display) filter expressions with ip.src and ip.dst, and tcp.srcport and tcp.dstport or udp.srcport and udp.dstport.

When you want to filter during capture the BPF expression elements are ip src and ip dst, and port.

answered 09 Jun '16, 08:16

Jaap's gravatar image

Jaap ♦
accept rate: 14%

...and maybe you also need to adjust your understanding of how Wireshark works:

How do I add the monitoring processes?

You do not set up individual monitoring processes, one per socket pair, in Wireshark; you use a single process to monitor all the traffic on one or more interfaces, and you may optionally use a capture filter to control which frames will be stored to the capture file. When you analyse the capture later, you may use a display filter to further restrict the number of packets shown.

(10 Jun '16, 03:25) sindy