First time here? Check out the FAQ!
THIS IS A TEST INSTANCE. Feel free to ask and answer questions, but take care to avoid triggering too many notifications.
Ask Your Question
0

I need help with Wireshark Capturing filtering syntax of two IPs, my IP and one more, any protocol.

  • retag add tags

Hello, The title almost says it all. I would've thought this would be easy but to me it is not, I am no educated internet genesis. Here is an example of what I thought it should look like.

"ip == 0.0.0.0 && ip == 0.0.0.0"

But of course that above does not work! Protocol does not matter, just those two IPs. Here is another one.

"ip == 0.0.0.0 && domain name.com"

The first IP would be mine, the second one would be of my choice, ip or www. I have searched this to death with no luck!

Cougar's avatar
7
Cougar
asked 2019-05-25 09:12:31 +0000, updated 2019-05-25 09:13:53 +0000
edit flag offensive 0 remove flag close merge delete

Comments

add a comment see more comments

1 Answer

0
host 1.1.1.1 and host 2.2.2.2

host 1.1.1.1 and host name.com

Please also check this reference for other details.

Packet_vlad's avatar
1.1k
Packet_vlad
answered 2019-05-25 10:23:36 +0000
edit flag offensive 0 remove flag delete link
more

Comments

Thank you! That worked! I tried to add a 3rd ip, .com to that but it of course did not work. Is it possible to do 3 IPs, .com? The 3rd IP, .com is a DNS server. Again thank you!

Cougar's avatar Cougar (2019-05-25 13:29:07 +0000) edit
more
  • delete
1

That did't work because there are two IP fields in a packet - source IP and destination IP. If you add 3rd IP with the same AND clause you demand all 3 IPs to be present in one packet.

So if you want to add 2nd destination, use this: 

host 1.1.1.1 and (host name.com or host name1.com)
Packet_vlad's avatar Packet_vlad (2019-05-25 14:29:14 +0000) edit
more
  • delete

Thank you! Thank you! Thank you! That has cleaned up my packets capturing, no more having to did through those pcap files!

Cougar's avatar Cougar (2019-05-25 14:51:25 +0000) edit
more
  • delete

You're welcome!

Packet_vlad's avatar Packet_vlad (2019-05-25 17:10:47 +0000) edit
more
  • delete
add a comment see more comments

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account. This space is reserved only for answers. If you would like to engage in a discussion, please instead post a comment under the question or an answer that you would like to discuss.

Add Answer