Wireshark – Capturing Packets on Multiple IP Addresses (Filter)

networking, packet-capture, traffic, wireshark

I'm looking for the syntax to do a capture filter on Wireshark, by capturing the traffic on several (specific) IP addresses. I understand how to capture a range, and an individual IP address. However, the application I am capturing on is spread over a 'bucket' of IP addresses/servers, of which other applications are based within the same range. See my example:

  • ECommerce App Servers: 192.168.1.2, 192.168.1.3, 192.168.1.4 – This is what I want to capture on (filtered on these exact IPs). I have tried 'host 192.168.1.2 host 192.168.1.3' etc.
  • There are other applications within this range, e.g. PayRoll App is on 192.168.1.5, and I don't want to see any of this in my capture. Therefore 'net 192.168.1.0/24' to capture the whole range will not work for me.

Can anyone provide me the syntax? Is it even possible?

Best Answer

I just tested

host 10.25.100.133 or host 10.25.100.1

as a capture filter in a Wireshark session and it did what you ask (selected all traffic to or from either of those addresses). You can continue to add host a.b.c.d requirements, if you need to.
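
The `host A or host B` pattern from the answer, generalised to any number of addresses, as an added example that is not part of the original question or answer. The function names, the interface name `eth0` and the output file name are assumptions; each address is validated so that nothing other than `host` terms can end up in the filter string.

```shell
#!/bin/sh
# Build a libpcap capture filter that matches traffic to or from any of the
# listed IPv4 hosts: "host A or host B or host C".
# Added example; function names are hypothetical, not part of Wireshark.

# is_ipv4 ADDR: succeed only for a dotted quad with four octets in 0-255.
is_ipv4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    _rest=$1. _count=0
    while [ -n "$_rest" ]; do
        _octet=${_rest%%.*}; _rest=${_rest#*.}
        [ "${#_octet}" -le 3 ] && [ "$_octet" -le 255 ] || return 1
        _count=$((_count + 1))
    done
    [ "$_count" -eq 4 ]
}

# build_capture_filter ADDR...: print the filter, or fail on bad input.
build_capture_filter() {
    _filter=''
    for _ip in "$@"; do
        if ! is_ipv4 "$_ip"; then
            echo "invalid IPv4 address: $_ip" >&2
            return 1
        fi
        # Skip duplicates; the trailing space stops .4 from matching .40.
        case " $_filter " in *" host $_ip "*) continue ;; esac
        _filter="${_filter:+$_filter or }host $_ip"
    done
    [ -n "$_filter" ] || { echo "no addresses given" >&2; return 1; }
    printf '%s\n' "$_filter"
}

# The three e-commerce servers from the question; 192.168.1.5 (payroll) is
# not listed, so its traffic is never captured.
build_capture_filter 192.168.1.2 192.168.1.3 192.168.1.4

# Use with tshark or dumpcap (interface and file name are assumptions):
#   tshark -i eth0 -w ecommerce.pcapng \
#       -f "$(build_capture_filter 192.168.1.2 192.168.1.3 192.168.1.4)"
```

The printed string can also be pasted into the capture filter field of the Wireshark capture options dialog.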