Yesterday I was working in Wireshark and got tired of sifting through the packet capture for the port and range of IP addresses in question. The built-in filters in Wireshark don't list an example of this very much needed function that I know I'll often need, so it's posted here for future reference.
- http and (ip.addr <= 10.80.211.142 and ip.addr >= 10.80.211.140)
- tcp.port == 80 and (ip.addr <= 10.80.211.142 and ip.addr >= 10.80.211.140)
The above filters display only the packets with an IP address between 10.80.211.140 and 10.80.211.142 and a TCP port of 80.
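One caveat, shown as an added example that is not part of the original post: `ip.addr` and `tcp.port` each cover two values per packet (source and destination), and Wireshark treats each comparison as true if either value satisfies it. The Python model below, run on constructed packets, compares the filter above with a stricter form that tests `ip.src` and `ip.dst` separately; the function names and sample addresses are assumptions made for the illustration.

```python
from ipaddress import IPv4Address as IP

LO, HI = IP("10.80.211.140"), IP("10.80.211.142")

def page_filter(p):
    """Model of: tcp.port == 80 and (ip.addr <= HI and ip.addr >= LO).
    Each comparison passes if ANY of the packet's values satisfies it."""
    addrs, ports = (p["src"], p["dst"]), (p["sport"], p["dport"])
    return (any(x == 80 for x in ports)
            and any(a <= HI for a in addrs)
            and any(a >= LO for a in addrs))

def per_address_filter(p):
    """Model of: tcp.port == 80 and ((ip.src >= LO and ip.src <= HI)
    or (ip.dst >= LO and ip.dst <= HI)). One address must be in range."""
    return (80 in (p["sport"], p["dport"])
            and (LO <= p["src"] <= HI or LO <= p["dst"] <= HI))

def pkt(src, dst, sport, dport):
    return {"src": IP(src), "dst": IP(dst), "sport": sport, "dport": dport}

# Constructed sample packets (not taken from a real capture).
SAMPLES = {
    "in_range_client": pkt("10.80.211.141", "192.0.2.10", 51000, 80),
    # Neither address is in range: src is below it, dst is above it.
    "straddles_range": pkt("10.80.211.5", "10.80.211.200", 51001, 80),
    "both_below": pkt("10.80.211.5", "10.80.211.9", 51002, 80),
    "other_port": pkt("10.80.211.141", "192.0.2.10", 51003, 443),
}

def compare():
    """Return {name: (page_filter result, per_address_filter result)}."""
    return {n: (page_filter(p), per_address_filter(p))
            for n, p in SAMPLES.items()}

if __name__ == "__main__":
    for name, (page, strict) in compare().items():
        print(f"{name:16} page={page!s:5} per-address={strict}")
```

The "straddles_range" packet passes the original filter even though neither endpoint lies in 10.80.211.140 to 10.80.211.142, so on a busy subnet the per-address form gives a tighter result.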