Hi,
You'll want to use the slice operator for that. First look up the offset
into the IP header to the source and destination addresses parts of
interest (15 and 19), then apply the slice operator to ip. Like so:
(ip[15:1]==28)||(ip[19:1]==28)
Thanx,
Jaap
On Wed, 21 Mar 2007, Christopher Clayden wrote:
> Hello Everyone,
>
>
>
> Can anyone tell me what the wild card is in wireshark when used in IP
> addresses, if there is such?
>
>
>
> For example, say you want to create a filter for all DC's in your
> organization and there addresses are as follows:
>
>
>
> 192.168.1.40
>
> 192.168.2.40
>
> 192.168.3.40
>
> 192.168.4.40
>
> 192.168.5.40
>
>
>
> I want to create a specific filter for the last octet, and in this example,
> it's 40.
>
>
>
> Thank you for all your help in advance and I will be looking forward to your
> response.
>
>
>
> Cheers,
>
>
>
> Chris.
>
