Wireshark · Wireshark-users: Re: [Wireshark-users] Capture Filter for Country

Wireshark-users: Re: [Wireshark-users] Capture Filter for Country

From: Andrew Hood <ajhood@xxxxxxxxx>

Date: Tue, 31 Mar 2009 08:17:35 +1100

Guy Harris wrote:
> On Mar 30, 2009, at 10:47 AM, Ron Gallimore wrote:
> 
> 
>>Is it possible to create a capture filter to exclude any US IP
>>addresses?
> 
> 
> Not from within Wireshark, no.  It has no code to do that.
> 
> You might be able to find address range information at ARIN's Web  
> site; hopefully they distinguish between US and Canadian/assorted  
> islands range allocation.  Hopefully any capture filter you construct  
> from that won't result in a BPF program too big to put into the kernel.

There are over 34000 allocations in the various RIR databases (not just
ARIN) that point a block at the US country code.
Somehow I don't think BPF could cope.

-- 
There's no point in being grown up if you can't be childish sometimes.
                -- Dr. Who

References:
- [Wireshark-users] Capture Filter for Country
  - From: Ron Gallimore
- Re: [Wireshark-users] Capture Filter for Country
  - From: Guy Harris

Prev by Date: [Wireshark-users] TCP Dup ACK
Next by Date: [Wireshark-users] Help Required- Wifi Router
Previous by thread: Re: [Wireshark-users] Capture Filter for Country
Next by thread: Re: [Wireshark-users] Capture Filter for Country
Index(es):
- Date
- Thread