How to filter wireshark capture to have only packets with local ip as source or destination

Question

How to filter wireshark capture to have only packets with local ip as source or destination?

The expression should be valid for both ipv4 and ipv6.

I am obviously asking for an other solution than that of finding the ipv4 and ipv6 manually and entering them in the filter bar.

May be you can do all sorts of filtering using tcpdump and save the output to a file and then read that file in wireshark. — Ijaz Ahmad, Nov 23 '16 at 14:03
I suspect this is going to be tricky. First you need to not be in promiscuous mode, then you probably need to filter out all broadcast and multicast traffic. What is left should only be traffic for that host. — Zoredache, Nov 23 '16 at 18:34

score 0 · Answer 1 · answered Nov 23 '16 at 18:38

0

Not really sure if this gets everything, but try a filter like this.

tcpdump -pn 'not broadcast and not multicast and (ip or ip6)'

I believe this should only return IPv4/IPv6 traffic, that is not broadcast or multicast.

answered Nov 23 '16 at 18:38

Zoredache

1 Answers1