masakari098

Ethereal Capture Filter

7 posts in this topic

I need to make a capture filter that will capture only those packets from the 2xx.xxx.xxx.xxx range, and the "net" filter will only capture -everything- from the next octet down. Am I really going to have to put 99 filters in?

<_<


ip[16] >= 0xc8 and ip[16] <= 0xff

That's for destination, use ip[12] for source.

And btw, the full octet would be 56 filters, not 99 (200-255).


Edited by tiocsti
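
An added example (not part of the original posts): the byte-offset test from the reply above, emulated in Python over constructed IPv4 headers, together with the three `net` primitives that cover the same 200-255 first-octet range. The function names and sample addresses are assumptions made for this illustration.

```python
import ipaddress
import struct


def ipv4_header(src: str, dst: str) -> bytes:
    """Build a 20-byte IPv4 header (constructed sample; checksum left at 0)."""
    return struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, 20, 0, 0, 64, 6, 0,           # ver/IHL, TOS, len, id, frag, TTL, proto, csum
        ipaddress.IPv4Address(src).packed,     # bytes 12-15: source address
        ipaddress.IPv4Address(dst).packed,     # bytes 16-19: destination address
    )


def first_octet_match(header: bytes, offset: int, lo: int = 0xC8, hi: int = 0xFF) -> bool:
    """Emulate `ip[offset] >= lo and ip[offset] <= hi` (12 = source, 16 = destination)."""
    return lo <= header[offset] <= hi


def cidr_blocks(lo: int = 200, hi: int = 255):
    """Smallest set of CIDR blocks covering first octets lo..hi."""
    return list(ipaddress.summarize_address_range(
        ipaddress.IPv4Address(f"{lo}.0.0.0"),
        ipaddress.IPv4Address(f"{hi}.255.255.255"),
    ))


def net_filter(direction: str = "dst", lo: int = 200, hi: int = 255) -> str:
    """Write the same range as pcap `net` primitives instead of a byte comparison."""
    return " or ".join(f"{direction} net {block}" for block in cidr_blocks(lo, hi))


def forms_agree() -> bool:
    """Check both forms select the same packets for every possible first octet."""
    blocks = cidr_blocks()
    for octet in range(256):
        dst = ipaddress.IPv4Address(f"{octet}.1.2.3")
        header = ipv4_header("10.0.0.1", str(dst))
        if first_octet_match(header, 16) != any(dst in b for b in blocks):
            return False
    return True


if __name__ == "__main__":
    print(net_filter("dst"))
    print(net_filter("src"))
    print("byte test and net form agree:", forms_agree())
```
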

Hey masakari098,

I'm new to the board so if this information is dated, sorry. Anyway, your assignment seems a little puzzling to me. If you're using Ethereal (they've changed their name anyhow) then what you're going to capture is what's on the lan you're connected to. Therefore, all those addresses are irrelevant. So what you would do is ipconfig your system to get your network id which should be the same as everyone else on your lan for the first three octets from the left.

That is,

2xx.xxx.xxx will all be the same. Why? By you showing me a 2 you have identified yourself as a class C network. All class C networks use the same first three octets, and their beginning octet range is from 192-223. So say you ipconfig yourself and you get this for your first three octets:

209.111.222

and your full address is this

209.111.222.101

You will then filter your search for 254 addresses - you don't search for yours and at this octet you don't use a zero when other addresses have been defined.

However, this is the puzzling part. You don't need to filter anything. By just running Ethereal on your lan then you will automatically capture whatever your assignment target was.

Anyway, it has been about three months now since you've posted this so if you figured out what you were supposed to do let me know.

---------------

Phail_Saph

---------------

If you're using Ethereal (they've changed their name anyhow)

Since when? Their website shows no changes ...


hehe, from the screenshot, it looks like they just recompiled ethereal and renamed it Wireshark, looks lame to me.


I know massive change, worth the confusion...eh?

:D

---------------

Phail_Saph

---------------
