How can I filter-out a range of IP Addresses belonging to a given subnet (and not the whole subnet)

retag add tags

Let's say I have a subnet defined as 10.223.105.0/24 and that I want to discard any message originating from addresses 10.223.105.17 through 10.223.105.123.

How can I do that?

Documentation shows that operators <, <=, > and >= can be used with single-number values like frame.len but how can it be used with IP Addresses? Can they directly handle a IP Address in the 10.223.105.22 format? Do we have to use the numerical value of the IP Address and compare it to a 32-bit number? If so, how should every field of the IP Address be mapped into that 32-bit number?

Francois Fournier

asked 2019-03-14 12:37:26 +0000

edit flag offensive 0 remove flag close merge delete

Comments

If you want to discard packets originating from that IP address range, then it sounds like you'd be more interested in a capture filter than a Wireshark display filter. Is that the case?

cmaynard (2019-03-14 16:49:41 +0000) edit

add a comment see more comments

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account. This space is reserved only for answers. If you would like to engage in a discussion, please instead post a comment under the question or an answer that you would like to discuss.

How can I filter-out a range of IP Addresses belonging to a given subnet (and not the whole subnet) edit

Comments

1 Answer

Comments