Reputation: 1
Wireshark display filter: host to host
I need to Write a Wireshark display filter to meet the following requirements.
All traffic from host 192.168.12.44 to host 192.168.12.1
I believe it is just
ip.src_host = 192.168.12.44 && ip.dst_host 192.168.12.1
or
ip.src== 192.168.12.44 && ip.dst==192.168.12.1
I'm just not sure which syntax is correct. Can anyone offer any tips/advice? I tried this on two different IPs that i can actually test yet they seem to offer different results, so I'm not sure which one I need.
Upvotes: 0
Views: 1504
Answers (1)
Reputation: 344
ip.src & ip.dst are for IP adresses while ip.src_host & ip.dst_host are for their DNS names. Suppose an IP with the address 192.168.1.1 has a corresponding DNS name of mydns.mysite.com. Assuming you have enabled Resolve Network Address under View --> Name Resolution, then ip.src_host will filter mydns.mysite.com while when not enabled ip.src will filter 192.168.1.1 Please refer to this link for more information.
Upvotes: 1
Related Questions
- How to create a wireshark display filter with wildcard?
- Wireshark display filter for Protocol != 802.11
- Wireshark display filter; bitwise comparison
- Advanced filtering in wireshark
- Wireshark display filter where source address in not an ip-address
- Wireshark filter for filtering both destination-source IP address and the protocol
- How to filter wireshark to display only packets between a server and a client?
- Wireshark Display Filter for Unique Source/Destination IP and Protocol
- Filter traffic using wireshark's display filters
- Wireshark filtering for ip-port pair(Display filter)