Wireshark · Wireshark-dev: Re: [Wireshark-dev] How to set up the display filter?

Wireshark-dev: Re: [Wireshark-dev] How to set up the display filter?

From: Peter Wu <lekensteyn@xxxxxxxxx>

Date: Mon, 03 Mar 2014 11:14:11 +0100

On Monday 03 March 2014 16:25:06 我想不无聊 wrote:
> I just captured WLAN packets with wireshark, I want to display the packets
> whose source address is 10.0.1.128 ,what is the display filter
> expression?thanks.

The manual page of wireshark-filter(4) has an example for this. Adapter for 
your case:

    ip.src == 10.0.1.128

If you only need packets from this IP, consider setting a capture filter.

    dumpcap -i eth0 -w capture.pcapng -f 'host 10.0.1.128'

Or if you only care about packets originating from that IP:

    dumpcap -i eth0 -w capture.pcapng -f 'src host 10.0.1.128'

(see manual page of pcap-filter(7)).

Peter

References:
- [Wireshark-dev] How to set up the display filter?
  - From: ??????????

Prev by Date: [Wireshark-dev] How to set up the display filter?
Next by Date: Re: [Wireshark-dev] Change of decoding for Airopeek/Omnipeek 802.11 header with Cisco APs
Previous by thread: [Wireshark-dev] How to set up the display filter?
Next by thread: Re: [Wireshark-dev] Change of decoding for Airopeek/Omnipeek 802.11 header with Cisco APs
Index(es):
- Date
- Thread