Wireshark display filters let you narrow the view to just the packets of interest in a snoop capture. Here are some basic display filter expressions to be aware of.
Source IP
ip.src==192.168.1.1
ip.src==192.168.1.0/24
!(ip.src==192.168.1.1)
Destination IP
ip.dst==192.168.2.1
ip.dst==192.168.2.0/24
!(ip.dst==192.168.2.1)
Ports
tcp.port==1812
sctp.port==2905
!(udp.port==53)
Protocols
ospf
sccp
stp
Combining expressions
ip.addr==192.168.1.1 or ip.addr==192.168.2.1
ip.addr==192.168.1.1 and udp.port==162
Others
frame contains "
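How the expressions above select packets, modeled as an added Python example (not part of the original post and not Wireshark's own code): `ip.addr` and `tcp.port`/`udp.port` match when either the source or the destination side matches, and a negated filter also displays packets that lack the field. The packet records and helper names are constructed for illustration.

```python
import ipaddress

# Constructed sample packets (illustrative, not from a real capture).
PACKETS = [
    {"src": "192.168.1.1",  "dst": "192.168.2.1",  "proto": "udp", "sport": 40000, "dport": 162},
    {"src": "192.168.1.77", "dst": "10.0.0.5",     "proto": "udp", "sport": 53124, "dport": 53},
    {"src": "10.0.0.5",     "dst": "192.168.1.77", "proto": "udp", "sport": 53,    "dport": 53124},
    {"src": "192.168.2.1",  "dst": "192.168.1.1",  "proto": "tcp", "sport": 1812,  "dport": 51000},
    {"src": "172.16.0.9",   "dst": "192.168.2.40", "proto": "tcp", "sport": 44321, "dport": 443},
]

def in_net(addr, spec):
    # A bare host is treated as a /32, so one helper covers host and CIDR forms.
    return ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)

def ip_src(p, spec):
    return in_net(p["src"], spec)

def ip_dst(p, spec):
    return in_net(p["dst"], spec)

def ip_addr(p, spec):
    # ip.addr is true if the source OR the destination matches.
    return ip_src(p, spec) or ip_dst(p, spec)

def port(p, proto, number):
    # tcp.port / udp.port are true if the source OR destination port matches;
    # a packet of another protocol has no such field, so the test is false.
    return p["proto"] == proto and number in (p["sport"], p["dport"])

def select(predicate):
    """Return the indexes of the constructed packets the filter would display."""
    return [i for i, p in enumerate(PACKETS) if predicate(p)]

FILTERS = {
    "ip.src==192.168.1.0/24": lambda p: ip_src(p, "192.168.1.0/24"),
    "ip.dst==192.168.2.0/24": lambda p: ip_dst(p, "192.168.2.0/24"),
    "!(ip.src==192.168.1.1)": lambda p: not ip_src(p, "192.168.1.1"),
    "tcp.port==1812": lambda p: port(p, "tcp", 1812),
    "!(udp.port==53)": lambda p: not port(p, "udp", 53),
    "ip.addr==192.168.1.1 or ip.addr==192.168.2.1":
        lambda p: ip_addr(p, "192.168.1.1") or ip_addr(p, "192.168.2.1"),
    "ip.addr==192.168.1.1 and udp.port==162":
        lambda p: ip_addr(p, "192.168.1.1") and port(p, "udp", 162),
}

if __name__ == "__main__":
    for expr, pred in FILTERS.items():
        print(f"{expr:48} -> packets {select(pred)}")
```

Note that `!(udp.port==53)` keeps the TCP packets as well as the non-DNS UDP packet, and `tcp.port==1812` matches a packet whose source port is 1812.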