I'm in a classroom situation learning to use Wireshark and other
forensic tools and I can filter IP addresses with ease but due to the
configuration of the classroom [instructor's insistence] all
workstations are on the same subnet. If I filter for x.x.x.12, I also
get x.x.x.121, .123, etc.
WIKI and FAQs don't show how to specify one IP only from a block of
similar addresses and the mechanism for filtering as described in the
multiple IPs thread won't work unless I specify all the other
addresses. I told the instructor that filtering on the MAC address was
more predictable in this case but he's not convinced that there isn't
some way to filter IPs.
What do I need to add to restrict the IP value to exactly what I want
and not variants on that value? Is there a wildcard I can use?
Thanks in advance for any help.
Karen Isaacson