Capture Filter with Wildcard in IP Address

filter wireshark
15,189

Your regex is a little off, as you need to use a backslash to escape the periods. Try this:

ip.host matches "\.100$"

That should match .100 at the end of the string.

Source: http://ask.wireshark.org/questions/22230/filter-for-partial-ip-address

Edit: Try using the Display Filter (Analyze->Display Filters..), not the Capture Filter

Share:
15,189
Glowie
Author by

Glowie

Updated on August 21, 2022

Comments

  • Glowie
    Glowie over 1 year

    I am trying to customize Wireshark capture such that is captures all IP addresses (both source and destination) with the IP address format xxx.xxx.xxx.100.

    I used the following Capture Filter

    ip matches /.*/.*/.*/.100

    but the text box remains red'

    These are not IP addresses in a particular range, just the fourth octet is 100

  • Glowie
    Glowie over 10 years
    I tried this, box remains red, and when I attempt to run capture, I get error, "That string looks like a valid display filter; however, it isn;t a valid capture filter (syntax error)." When I google "wireshark capture filter ip address wildcard" I get the same website you posted, and other websites, but none that help :-(
  • admdrew
    admdrew over 10 years
    See my edit just now; like your error says, it's a display filter that this will work for, not the capture filter. I confirmed my string above works now as a display filter.
  • Glowie
    Glowie over 10 years
    If I capture traffic for 15 seconds, I get only one or two IP addresses in the format xxx.xxx.xxx.100. But if I run capture for few minutes the capture file reaches few GIGs. However if I am able to use a Capture Filter to only capture IP address xxx.xxx.xxx.100, it will save lot of disk space ...

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

How can the SSDP protocol be filtered out of Wireshark view?
Wireshark filter to only capture Incoming Packets?
How to filter for HTTP 500 responses and their requests in Wireshark?
Filter tcpdump file AFTER capturing
How to make wireshark filter POST-requests only?
Wireshark Info Filter Help
How do I filter SQL Server traffic between app and DB servers using Wireshark?
filtering by domain
Apply color filter picture while swipe Flutter
Flutter -Adding Voice Effects to locally saved audio file(.m4a) - Change Pitch, Add Background Music, Change Voice