Wireshark filter for filtering both destination-source IP address and the protocol

Asked 19/7, 2012 at 14:9 Answered 3/4, 2013 at 14:8

Solved http networking wireshark sniffer

I want to filter Wireshark's monitoring results according to a filter combination of source, destination ip addresses and also the protocol. So, right now I'm able to filter out the activity for a destination and source ip address using this filter expression: (ip.dst == xxx.xxx.xxx.xxx && ip.src == xxx.xxx.xxx.xxx) || (ip.dst == xxx.xxx.xxx.xxx && ip.src == xxx.xxx.xxx.xxx)

This gives me request response activity of the 2 ip addresses which are destination and source both depending upon whether it is a request or a response. But now, I am getting results for HTTP and TCP both. I want to see results only for HTTP.

Any suggestions how to do that?

Perspiratory answered 19/7, 2012 at 14:9 Comment(0)

(ip.dst == xxx.xxx.xxx.xxx && ip.src == xxx.xxx.xxx.xxx) || (ip.dst == xxx.xxx.xxx.xxx && ip.src == xxx.xxx.xxx.xxx) && http

Housewares answered 19/7, 2012 at 14:14 Comment(2)

Eeks! I had actually tried that but don't know why it didn't work. Thanks a lot for the solution!! – Perspiratory 19/7, 2012 at 14:43

Another interesting link on this stuff: thegeekstuff.com/2012/07/wireshark-filter – Tess 25/5, 2016 at 12:40

I like (ip.addr==XXX.XXX.XXX.XXX && http) for a single host. You could also do (ip.addr==XXX.XXX.XXX.XXX or XXX.XXX.XXX.XXX && http) for two hosts.

Kickshaw answered 3/4, 2013 at 14:8 Comment(1)

It worked for me using the solution provided by Keshi! But, thanks for this though! :) – Perspiratory 3/4, 2013 at 14:58

Recommended topics

Hot tags