Glowie
Reputation: 2309
Capture Filter with Wildcard in IP Address
I am trying to customize Wireshark capture such that is captures all IP addresses (both source and destination) with the IP address format xxx.xxx.xxx.100.
I used the following Capture Filter
ip matches /.*/.*/.*/.100
but the text box remains red'
These are not IP addresses in a particular range, just the fourth octet is 100
Upvotes: 4
Views: 22767
Answers (1)
admdrew
Reputation: 3863
Your regex is a little off, as you need to use a backslash to escape the periods. Try this:
ip.host matches "\.100$"
That should match .100 at the end of the string.
Source: http://ask.wireshark.org/questions/22230/filter-for-partial-ip-address
Edit: Try using the Display Filter (Analyze->Display Filters..), not the Capture Filter
Upvotes: 6
Related Questions
- How to filter by IP address in Wireshark?
- How to create a wireshark display filter with wildcard?
- Regex - Delimited IP address match either from start of string or from start of delimiter, also allow wildcard
- Capture filter PCAP - Filter IP address to reduce file size
- Wireshark capture filters
- Filter out a certain IP adreess
- Wireshark display filter where source address in not an ip-address
- Wireshark filter for filtering both destination-source IP address and the protocol
- Wireshark filter per ip address "different from" something
- ip filter for multiple IPs