I want to filter Wireshark's monitoring results according to a filter combination of source, destination ip addresses and also the protocol.
So, right now I'm able to filter out the activity for a destination and source ip address using this filter expression:
(ip.dst == xxx.xxx.xxx.xxx && ip.src == xxx.xxx.xxx.xxx) || (ip.dst == xxx.xxx.xxx.xxx && ip.src == xxx.xxx.xxx.xxx)
This gives me request response activity of the 2 ip addresses which are destination and source both depending upon whether it is a request or a response.
But now, I am getting results for HTTP and TCP both. I want to see results only for HTTP.
Any suggestions how to do that?
Best Answer
(ip.dst == xxx.xxx.xxx.xxx && ip.src == xxx.xxx.xxx.xxx) || (ip.dst == xxx.xxx.xxx.xxx && ip.src == xxx.xxx.xxx.xxx) && http