Wireshark-users: Re: [Wireshark-users] wildcard filter

From: "Marlon Duksa" <mduksa@xxxxxxxxx>
Date: Tue, 12 Aug 2008 15:28:48 -0700
Thanks. That worked!
Marlon

On Tue, Aug 12, 2008 at 3:15 PM, Guy Harris <guy@xxxxxxxxxxxx> wrote:

On Aug 12, 2008, at 3:01 PM, Marlon Duksa wrote:

> I'd like to filter all source IP addresses from the 11.x.x.x range.
> Not sure how to do this by applying a wildcard (*).

To quote the wireshark-filter(4) man page:

       Classless InterDomain Routing (CIDR) notation can be used to
test if an
       IPv4 address is in a certain subnet.  For example, this
display filter
       will find all packets in the 129.111 Class-B network:

           ip.addr == 129.111.0.0/16

       Remember, the number after the slash represents the number of
bits used
       to represent the network.  CIDR notation can also be used with
       hostnames, as in this example of finding IP addresses on the
same Class
       C network as 'sneezy':

           ip.addr eq sneezy/24

       The CIDR notation can only be used on IP addresses or
hostnames, not in
       variable names.  So, a display filter like "ip.src/24 ==
ip.dst/24" is
       not valid (yet).

so try

       ip.src == 11.0.0.0/8

_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
https://wireshark.org/mailman/listinfo/wireshark-users