Refer to the wireshark-filter man page for more information about the slice operator and Wireshark display filters in general. For example, if the source address was 50.xxx.xxx.100 and the destination address was .152, then the packet would still match the filter, as the 1st byte of the source address would match as well as the last byte of the destination address. Unfortunately, this doesn't work reliably because it will actually match either the 1st byte of either the source or destination addresses as well as the 4th byte of either the source or destination IP addresses. As a Threat Intelligence Analyst for Palo Alto Networks Unit 42, I often use Wireshark to review traffic generated from malware samples. This tool is used by IT professionals to investigate a wide range of network issues. Note that you might be tempted to use a simpler filter such as: ip.addr=32
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |