Wireshark – capture all packets for HTTP request

Clear the expression ip.addr==192.168.0.1 filter. This is probably whats filtering out what you want to see. You can tell by the very first column in WireShark, Look at the No. jumps at DNS No.94 to SSDP No. 680 --- So about 500 entries you arent seeing. You can also turn off the ssdp discovery service in windows to eliminate that ssdp mess.

Honestly, this solution isn't ideal because the tool you're using isn't ideal. I get that this is something you're just exploring and trying to understand, I would simply advise against using it as a go-to method in the future. Using the CLI with tcpdump or tshark will afford you much greater filtering abilities as it allows you to use things like sed, awk, grep, etc.

While I don't know anything about Netdisco, I suspect that it isn't using the exact method that Wireshark is using to filter things, so this may not be the best example.

The correct solution to achieve exactly what you want inside Wireshark is to build a packet dissector:

https://www.wireshark.org/docs/wsdg_html_chunked/ChapterDissection.html

However, for the quick and dirty, which is what it sounds like you want:

I took an identical capture using one of the boxes in my lab, if you're looking for just IP address:

snmp.value.ipv4 (or snmp.value.ipv6)

This will display any packets with IPv4 address values returned in the responses. However, because address and subnet mask are passed back in the same format, you will have to be able to discern which are real addresses and which are subnet masks.

In addition, you can break out the addresses (and masks) into their own column, then sort them in order which should leave all of the subnet masks at the bottom of the list.

First: Right Click the specific field you want to build into a column, in our case it's the IpAddress Value:

Second: Sort. (Apologies on the image scale)

I hope this helps.