Wireshark · Wireshark-users: Re: [Wireshark-users] Capture Filter for Country

Wireshark-users: Re: [Wireshark-users] Capture Filter for Country

From: Guy Harris <guy@xxxxxxxxxxxx>

Date: Mon, 30 Mar 2009 11:40:23 -0700


On Mar 30, 2009, at 11:28 AM, Gerald Combs wrote:

Ron Gallimore wrote:

Is it possible to create a capture filter to exclude any US IP
addresses? I am using Wireshark 1.1.2 with the GeoIP databaseloaded.


You should be able to use something like

   ip and not ip.geoip.country == "United States"

or

   ip.geoip.country and not ip.geoip.country == "United States"


...which works as a display filter, but not a capture filter.

References:
- [Wireshark-users] Capture Filter for Country
  - From: Ron Gallimore
- Re: [Wireshark-users] Capture Filter for Country
  - From: Gerald Combs

Prev by Date: Re: [Wireshark-users] Capture Filter for Country
Next by Date: [Wireshark-users] TCP Dup ACK
Previous by thread: Re: [Wireshark-users] Capture Filter for Country
Next by thread: [Wireshark-users] TCP Dup ACK
Index(es):
- Date
- Thread