I am very new to WS. Have a general grasp of things but building expressions to use in a filter is giving me a lot of heartburn. Could someone please help me. Please remember I am not tech savvy.

I need an expression for a capture filter that will do the following:

1) Capture TCP protocol and
2) Filter for ports 9501 to 9505 and
3) Filter unique source IP addresses

I am able to go as far as TCP port 9501 ok but including remaining ports and filtering unique address is proving to be frustrating.

Thanks in advance...Carlos

asked 31 Mar '12, 08:51 cafeics
One Answer:
To provide a concrete example, I'll assume the source IP address of the host you want to filter on is 192.168.1.1. In this case, you can use the following filter:
If you want your capture filter to match more than one IP address, then you can
For more help on capture filters, refer to the pcap-filter man page. The Wireshark CaptureFilters wiki page also has some examples.

answered 31 Mar '12, 09:47 cmaynard ♦♦
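An added example, not part of the answer above: a small shell helper that builds a pcap-filter expression for TCP ports 9501 to 9505, optionally restricted to several source hosts, and a second helper that lists the unique source addresses from a saved capture. The function names, the second address 192.168.1.2, the interface `eth0` and the file name are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original thread).
# build_capture_filter [SRC_IPV4 ...]
# Prints a pcap-filter expression: TCP, ports 9501-9505, optional source hosts.
build_capture_filter() (
    filter="tcp portrange 9501-9505"
    hosts=""
    for ip in "$@"; do
        # Accept only dotted-quad IPv4 so no other filter syntax can be
        # smuggled into the expression through an argument.
        case $ip in
            ""|*[!0-9.]*) echo "invalid IPv4 address: $ip" >&2; return 1 ;;
        esac
        if ! printf '%s\n' "$ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'; then
            echo "invalid IPv4 address: $ip" >&2
            return 1
        fi
        hosts="${hosts:+$hosts or }src host $ip"
    done
    # In pcap-filter, "and" and "or" have equal precedence and associate left
    # to right. Without the parentheses, "A and src host X or src host Y"
    # would capture ALL traffic from Y, not only ports 9501-9505.
    if [ -n "$hosts" ]; then
        filter="$filter and ($hosts)"
    fi
    printf '%s\n' "$filter"
)

# unique_sources CAPTURE_FILE
# A capture filter is evaluated per packet and keeps no state, so it cannot
# deduplicate addresses. List the distinct sources after capturing instead.
unique_sources() {
    tshark -r "$1" -T fields -e ip.src | sort -u
}

# Usage (needs capture privileges; eth0 and the file name are placeholders,
# 192.168.1.2 is a constructed sample address):
#   dumpcap -i eth0 -f "$(build_capture_filter 192.168.1.1 192.168.1.2)" \
#           -w ports9501-9505.pcapng
#   unique_sources ports9501-9505.pcapng
```

Called with no arguments, `build_capture_filter` prints only the protocol and port-range part, which captures every source talking on those ports.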