Ethereal-users: [Ethereal-users] Re: [Ethereal-bugs] [Bug 538] New: Filtering a specific IP Addr

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <gharris@xxxxxxxxx>
Date: Mon, 17 Oct 2005 20:48:45 -0700
bugzilla-do-not-reply@xxxxxxxxxxxx wrote:

> Hi! This is not really a report of any bugs I discovered in your system

Then it shouldn't be filed as a bug...

> but I
> just would like to ask for your help in ways of capturing a filter.

...it should, instead, be mailed to ethereal-users@xxxxxxxxxxxx.

> I would like
> to capture the network usage of the host with the IP that starts with 9. May it
> be 9.187.110.12 or 9.68.237.226. Is there a way for this to be possible?

The tcpdump man page describes the capture filter syntax. If you want to capture only traffic going to or from hosts on the 9.x.x.x network, the man page says you should do:

      net net/len
             True  if  the  IPv4/v6 address matches net with a netmask
             len bits wide.  May be qualified with src or dst.

"net 9.0.0.0/8", or

      net net mask netmask
             True if the IP address matches net with the specific net-
             mask.  May be qualified with src or dst.  Note that  this
             syntax is not valid for IPv6 net.

"net 9.0.0.0 mask 255.0.0.0".

If you've already captured the traffic, and you want to limit the display to show only traffic to and from hosts on the 9.x.x.x network, you would do

	ip.addr == 9.0.0.0/8
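
An added example, not part of the original message and not libpcap or Ethereal code: a small Python emulation of how the two `net` forms from the man page excerpts select packets, showing that the match is a bitmask comparison on either endpoint, so 90.x.x.x and 19.x.x.x are not "addresses starting with 9". The function names and the packet tuples are constructed for illustration.

```python
import ipaddress

# Constructed (src, dst) pairs; 192.0.2.10 is a documentation address.
PACKETS = [
    ("9.187.110.12", "192.0.2.10"),   # source on 9/8
    ("192.0.2.10", "9.68.237.226"),   # destination on 9/8
    ("90.1.2.3", "192.0.2.10"),       # text starts with "9", not on 9/8
    ("192.0.2.10", "19.0.0.9"),       # contains a 9, not on 9/8
]

def parse_net(expr):
    """Parse the operand of 'net': either 'N/len' or 'N mask M'."""
    parts = expr.split()
    if len(parts) == 3 and parts[1] == "mask":
        # The mask form is IPv4 only, as the man page notes; IPv4Network
        # raises ValueError for an IPv6 address.
        return ipaddress.IPv4Network(f"{parts[0]}/{parts[2]}")
    if len(parts) == 1 and "/" in parts[0]:
        # ip_network raises ValueError when host bits are set (9.1.0.0/8).
        return ipaddress.ip_network(parts[0])
    raise ValueError(f"unsupported net expression: {expr!r}")

def matches(pkt, net, direction=None):
    """direction None means either endpoint; 'src' or 'dst' qualifies it."""
    src, dst = (ipaddress.ip_address(a) for a in pkt)
    if direction == "src":
        return src in net
    if direction == "dst":
        return dst in net
    return src in net or dst in net

def select(packets, expr, direction=None):
    """Return the packets a 'net <expr>' filter would keep."""
    net = parse_net(expr)
    return [p for p in packets if matches(p, net, direction)]

if __name__ == "__main__":
    for expr in ("9.0.0.0/8", "9.0.0.0 mask 255.0.0.0"):
        print(expr, "->", select(PACKETS, expr))
    print("src only ->", select(PACKETS, "9.0.0.0/8", "src"))
```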