WireShark - Capturing Packets on Multiple IP Addresses (Filter)
I just tested
host 10.25.100.133 or host 10.25.100.1
as a capture filter in a wireshark session and it did what you ask (selected all traffic to or from either of those addresses). You can continue to add host a.b.c.d requirements, if you need to.
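As an added example (not part of the original answer), this Python sketch builds the "host A or host B ..." capture filter from a list of addresses and models which conversations it would keep. The function names and the client address 10.0.0.7 are hypothetical; would_capture is a simplified model of the host primitive, not libpcap itself.

```python
import ipaddress

def build_capture_filter(hosts, extra=None):
    """Return a pcap capture filter matching traffic to or from any listed host."""
    if not hosts:
        raise ValueError("at least one host address is required")
    seen = []
    for h in hosts:
        # ip_address() rejects ranges, CIDR blocks and typos with ValueError,
        # so a bad entry fails here rather than when the capture starts.
        addr = str(ipaddress.ip_address(h.strip()))
        if addr not in seen:
            seen.append(addr)
    group = " or ".join(f"host {a}" for a in seen)
    if extra:
        # Parenthesise the host group so the extra term applies to every host.
        return f"({group}) and ({extra})"
    return group

def would_capture(hosts, src, dst):
    """Simplified model of 'host': true if the source OR destination is listed."""
    wanted = {ipaddress.ip_address(h) for h in hosts}
    return ipaddress.ip_address(src) in wanted or ipaddress.ip_address(dst) in wanted

APP_SERVERS = ["192.168.1.2", "192.168.1.3", "192.168.1.4"]  # from the question
PAYROLL = "192.168.1.5"                                      # from the question
CLIENT = "10.0.0.7"                                          # constructed sample

if __name__ == "__main__":
    print(build_capture_filter(APP_SERVERS))
    print(build_capture_filter(APP_SERVERS, "tcp port 443"))
    samples = [(CLIENT, APP_SERVERS[0]), (CLIENT, PAYROLL), (PAYROLL, APP_SERVERS[1])]
    for src, dst in samples:
        print(f"{src} -> {dst}: captured={would_capture(APP_SERVERS, src, dst)}")
```

Because host matches on either end of a packet, traffic between 192.168.1.5 and one of the listed servers is still captured; only conversations that involve none of the listed addresses are dropped.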
Author by
Derek
Updated on September 18, 2022
Comments
-
Derek over 1 year
I'm looking for the syntax to do a capture filter on WireShark, by capturing the traffic on several (specific) IP addresses. I understand how to capture a range, and an individual IP address. However, the application I am capturing on is spread over a 'bucket' of IP addresses/servers, of which other applications are based within the same range. See my example:
- ECommerce App Servers: 192.168.1.2, 192.168.1.3, 192.168.1.4. - This is what I want to capture on (filtered on these exact IPs). I have tried 'host 192.168.1.2 host 192.168.1.3' etc.
- There are other applications within this range, e.g. PayRoll App is on 192.168.1.5, and I don't want to see any of this in my capture. Therefore 'net 192.168.1.0/24' to capture the whole range will not work for me.
Can anyone provide me the syntax? Is it even possible?
-
MadHatter almost 13 years
Forgive me for noting this, but I see you're new to the site, and this is your first question. If you're happy with this answer, you should accept it by clicking the "tick" outline you see next to it. This not only improves my reputation but makes sure that you develop a reputation as someone who accepts answers to all the questions he asks - which is just as important.
-
MadHatter almost 13 years
..and I see you have done - thanks, and good luck on SF!