Wireshark · Ethereal-users: [Ethereal-users] Display Filter to Remove an IP Address

Ethereal-users: [Ethereal-users] Display Filter to Remove an IP Address

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Keith French" <keithfrench@xxxxxxxxxxxxxxx>

Date: Sun, 23 May 2004 15:29:05 +0100

> I am trying to construct a display filter to remove all traffic to and
> from a particular IP address, but all things I try do not work. What I
> have tried is:-
>
> not ip.addr eq 10.10.10.10
> not (ip.addr eq 10.10.10.10)
> !(ip.addr eq 10.10.10.10)
> ip.addr ne 10.10.10.10

That's odd, as "not (ip.addr eq XXX.XXX.XXX.XXX)" worked for me (it's
equivalent to "!(ip.addr eq XXX.XXX.XXX.XXX)"). I assume that "not
(ip.addr eq 10.10.10.10)" either caused packets to or from 10.10.10.10
to be displayed or caused packets neither to nor from 10.10.10.10 not to
be displayed - which of those, or both, is the case?

What I have found is that if I filter on:-

not ether.addr MAC Address

it does get rid of the traffic. Some of the packets are broadcasts such as NBNS, but surely that is a layer 3 broadcast, not layer 2?.

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.689 / Virus Database: 450 - Release Date: 21/05/2004

Follow-Ups:
- Re: [Ethereal-users] Display Filter to Remove an IP Address
  - From: Jerry Talkington

Prev by Date: Re: [Ethereal-users] Unusual arp requests
Next by Date: Re: [Ethereal-users] Display Filter to Remove an IP Address
Previous by thread: Re: [Ethereal-users] Display Filter to Remove an IP Address
Next by thread: Re: [Ethereal-users] Display Filter to Remove an IP Address
Index(es):
- Date
- Thread