Home page logo
/

wireshark logo Wireshark mailing list archives

Re: How to set up the display filter?
From: Peter Wu <lekensteyn () gmail com>
Date: Mon, 03 Mar 2014 11:14:11 +0100

On Monday 03 March 2014 16:25:06 我想不无聊 wrote:
I just captured WLAN packets with wireshark, I want to display the packets
whose source address is 10.0.1.128 ,what is the display filter
expression?thanks.

The manual page of wireshark-filter(4) has an example for this. Adapter for 
your case:

    ip.src == 10.0.1.128

If you only need packets from this IP, consider setting a capture filter.


    dumpcap -i eth0 -w capture.pcapng -f 'host 10.0.1.128'

Or if you only care about packets originating from that IP:

    dumpcap -i eth0 -w capture.pcapng -f 'src host 10.0.1.128'

(see manual page of pcap-filter(7)).

Peter

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault