Wireshark filter for filtering both destination-source IP address and the protocol
Solution 1
((ip.dst == xxx.xxx.xxx.xxx && ip.src == xxx.xxx.xxx.xxx) || (ip.dst == xxx.xxx.xxx.xxx && ip.src == xxx.xxx.xxx.xxx)) && http
Solution 2
I like (ip.addr==XXX.XXX.XXX.XXX && http) for a single host. You could also do ((ip.addr==XXX.XXX.XXX.XXX or ip.addr==XXX.XXX.XXX.XXX) && http) for two hosts.
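An added example (not part of the original answers): it evaluates the two possible readings of a filter shaped like `A->B || B->A && http` over constructed packets, showing why the direction clauses should be grouped explicitly, and builds the grouped filter string from validated addresses. The sample addresses, the `proto` field standing in for Wireshark's dissector match, and all function names are assumptions made for illustration.

```python
from ipaddress import ip_address

# Constructed sample packets (not from a real capture).
# "proto" is a simplification of "the HTTP dissector matched this packet".
A, B = "192.0.2.10", "198.51.100.20"
PACKETS = [
    {"no": 1, "src": A, "dst": B, "proto": "tcp"},    # SYN
    {"no": 2, "src": B, "dst": A, "proto": "tcp"},    # SYN/ACK
    {"no": 3, "src": A, "dst": B, "proto": "http"},   # request
    {"no": 4, "src": B, "dst": A, "proto": "http"},   # response
    {"no": 5, "src": A, "dst": "203.0.113.5", "proto": "http"},  # unrelated host
]

def a_to_b(p): return p["src"] == A and p["dst"] == B
def b_to_a(p): return p["src"] == B and p["dst"] == A
def is_http(p): return p["proto"] == "http"

def grouped(p):
    """(A->B || B->A) && http: both directions restricted to HTTP."""
    return (a_to_b(p) or b_to_a(p)) and is_http(p)

def and_first(p):
    """A->B || (B->A && http): the reading when && binds tighter than ||."""
    return a_to_b(p) or (b_to_a(p) and is_http(p))

def matches(pred):
    """Packet numbers from the constructed capture that the predicate keeps."""
    return [p["no"] for p in PACKETS if pred(p)]

def build_filter(host1, host2, proto="http"):
    """Build the display filter with explicit grouping from validated input."""
    h1, h2 = ip_address(host1), ip_address(host2)   # raises ValueError if malformed
    if h1.version != 4 or h2.version != 4:
        raise ValueError("ip.src/ip.dst are IPv4 fields")
    if not proto.isalnum():
        raise ValueError("unexpected protocol name")
    return (f"((ip.src == {h1} && ip.dst == {h2}) || "
            f"(ip.src == {h2} && ip.dst == {h1})) && {proto}")

if __name__ == "__main__":
    print("grouped  :", matches(grouped))
    print("and first:", matches(and_first))
    print(build_filter(A, B))
```

With the grouped form only the HTTP request and response remain; under the other reading the plain TCP packet from the first host still passes the filter.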
Abhijeet Vaikar
Updated on June 10, 2020
Comments
-
Abhijeet Vaikar almost 4 years
I want to filter Wireshark's monitoring results according to a filter combination of source and destination IP addresses and also the protocol. So, right now I'm able to filter out the activity for a destination and source IP address using this filter expression: (ip.dst == xxx.xxx.xxx.xxx && ip.src == xxx.xxx.xxx.xxx) || (ip.dst == xxx.xxx.xxx.xxx && ip.src == xxx.xxx.xxx.xxx)
This gives me request response activity of the 2 ip addresses which are destination and source both depending upon whether it is a request or a response. But now, I am getting results for HTTP and TCP both. I want to see results only for HTTP.
Any suggestions how to do that?
-
Abhijeet Vaikar almost 12 years
Eeks! I had actually tried that but don't know why it didn't work. Thanks a lot for the solution!!
-
Abhijeet Vaikar about 11 years
It worked for me using the solution provided by Keshi! But, thanks for this though! :)
-
jeanie77 almost 8 years
Another interesting link on this stuff: thegeekstuff.com/2012/07/wireshark-filter