This tutorial explains 6 types of Wireshark IP filters that can be used for network analysis.
1. Filter to display packets originating from the source
The screenshot below shows the filter that displays all packets originating from the source address, which is 192.168.137.175. The filter used is ip.src==192.168.137.175.
2. Filter to display IP traffic from a specific source to a specific destination
The screenshot below shows the filter that displays all packets between two systems based on IP address. All traffic that has the source address 192.168.137.175 and the destination address 192.168.137.1 is displayed. The filter used is ip.src==192.168.137.175 && ip.dst==192.168.137.1.
3. Filter to display all IP traffic containing the TCP protocol
The IP header contains the proto field, which identifies the upper-layer protocol carried in the packet, such as TCP, UDP or ICMP. The value of the proto field for TCP is 6. The filter used to display all IP packets containing the TCP protocol is ip.proto==6. The screenshot of the filter is shown below.
4. Filter to display all IP traffic containing the UDP protocol
The value of the proto field in the IP header for UDP is 17. The filter used to display all IP packets containing the UDP protocol is ip.proto==17. The screenshot of the filter is shown below.
5. Filter to display all IP-based broadcast traffic from a system
The IP broadcast address is 255.255.255.255. To display the IP broadcast packets sent by a system, the filter ip.dst==255.255.255.255 is used. On its own this filter matches broadcasts from every host in the capture; to limit the result to a single system, combine it with an ip.src condition as in filter 2. The screenshot of the filter is shown below.
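To show which header bytes these filters test, the following added example (not part of the original tutorial) parses the IPv4 header in Python and applies the same five conditions to constructed packets. The function names and the addresses 192.168.137.50 and 192.168.137.20 are assumptions made for the illustration.

```python
import socket
import struct

def build_ipv4(src, dst, proto):
    """Constructed 20-byte IPv4 header, no options, checksum left as 0."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))

def parse_ipv4(raw):
    """Return the fields the filters test, or None if raw is not IPv4."""
    if len(raw) < 20 or raw[0] >> 4 != 4:
        return None
    return {"proto": raw[9],                       # byte 9: upper-layer protocol
            "src": socket.inet_ntoa(raw[12:16]),   # bytes 12-15: source address
            "dst": socket.inet_ntoa(raw[16:20])}   # bytes 16-19: destination address

HOST, GW, BCAST = "192.168.137.175", "192.168.137.1", "255.255.255.255"

# The tutorial's display filters, written as predicates on the parsed header.
FILTERS = {
    f"ip.src=={HOST}": lambda h: h["src"] == HOST,
    f"ip.src=={HOST} && ip.dst=={GW}": lambda h: h["src"] == HOST and h["dst"] == GW,
    "ip.proto==6": lambda h: h["proto"] == 6,       # TCP
    "ip.proto==17": lambda h: h["proto"] == 17,     # UDP
    f"ip.dst=={BCAST}": lambda h: h["dst"] == BCAST,
}

def matches(name, packets):
    """Indexes of the packets that the named filter would display."""
    hits = []
    for i, raw in enumerate(packets):
        hdr = parse_ipv4(raw)
        if hdr is not None and FILTERS[name](hdr):
            hits.append(i)
    return hits

# Constructed sample capture (not real traffic).
PACKETS = [
    build_ipv4(HOST, GW, 6),                 # 0: TCP, host -> gateway
    build_ipv4(HOST, "192.168.137.50", 17),  # 1: UDP, host -> another host
    build_ipv4(GW, HOST, 6),                 # 2: TCP, gateway -> host
    build_ipv4(HOST, BCAST, 17),             # 3: UDP broadcast from the host
    build_ipv4("192.168.137.20", BCAST, 17), # 4: UDP broadcast from another host
    b"\x60" + b"\x00" * 39,                  # 5: IPv6 version nibble, never matches ip.*
]

if __name__ == "__main__":
    for name in FILTERS:
        print(f"{name:50} -> packets {matches(name, PACKETS)}")
```

The broadcast filter returns packets 3 and 4, which shows that ip.dst==255.255.255.255 alone does not tie the result to one sending system.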