Guy Harris wrote:
> On Mar 30, 2009, at 10:47 AM, Ron Gallimore wrote:
>
>
>>Is it possible to create a capture filter to exclude any US IP
>>addresses?
>
>
> Not from within Wireshark, no. It has no code to do that.
>
> You might be able to find address range information at ARIN's Web
> site; hopefully they distinguish between US and Canadian/assorted
> islands range allocation. Hopefully any capture filter you construct
> from that won't result in a BPF program too big to put into the kernel.
There are over 34000 allocations in the various RIR databases (not just
ARIN) that point a block at the US country code.
Somehow I don't think BPF could cope.
--
There's no point in being grown up if you can't be childish sometimes.
-- Dr. Who