Ethereal-users: [Ethereal-users] Re: [Ethereal-bugs] [Bug 538] New: Filtering a specific IP Addr
Hi Guy,
Thank you for your tip. It is working perfectly but is there a way to filter the destination ip and not the source?
From: Guy Harris <gharris@xxxxxxxxx>
To: shihboy@xxxxxxxxxxx
CC: ethereal-users@xxxxxxxxxxxx
Subject: Re: [Ethereal-bugs] [Bug 538] New: Filtering a specific IP Address under one Network
Date: Mon, 17 Oct 2005 20:48:45 -0700
>bugzilla-do-not-reply@xxxxxxxxxxxx wrote:
>
>>Hi! This is not really a report of any bugs I discovered in your
>>system
>
>Then it shouldn't be filed as a bug...
>
>>but I
>>just would like to ask for your help in ways of capturing a filter.
>
>...it should, instead, be mailed to ethereal-users@xxxxxxxxxxxx.
>
>>I would like
>>to capture the network usage of the host with the IP that starts
>>with 9. May it
>>be 9.187.110.12 or
9.68.237.226. Is there a way for this to be
>>possible?
>
>The tcpdump man page describes the capture filter syntax. If you
>want to capture only traffic going to or from hosts on the 9.x.x.x
>network, the man page says you should do:
>
> net net/len
> True if the IPv4/v6 address matches net with a
>netmask
> len bits wide. May be qualified with src or dst.
>
>"net 9.0.0.0/8", or
>
> net net mask netmask
> True if the IP
address matches net with the specific
>net-
> mask. May be qualified with src or dst. Note that
>this
> syntax is not valid for IPv6 net.
>
>"net 9.0.0.0/255.0.0.0".
>
>If you've already captured the traffic, and you want to limit the
>display to show only traffic to and from hosts on the 9.x.x.x
>network, you would do
>
> ip.addr == 9.0.0.0/8
Express yourself instantly with MSN Messenger!
MSN Messenger Download today it's FREE!
