Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Filter for whole Network 1

Status
Not open for further replies.
samirsuri

samirsuri

Technical User
Dec 23, 2002
6
IN
hi ,
I want to create a filter for whole network 172.28.0.0
can anybody please help me in configuring this in Sniffer pro 4.5 .
Thanks
Sameer
 
Sort by date Sort by votes
Hi

you must use the fiters by data pattern. You can specify the data in binary format with 16 bits of length in these case, and you must put the offset from protocol to 80 hex (for destination address).

In order to do a more complex filter (source and destination) you must use more than one pattern.

Jose Antonio
 
Upvote 0 Downvote
Thanks a lot jhuerta ,
I will try that but is it be possible for you to send me a screen shot or do you have some sites which provide such tips on sniffer
 
Upvote 0 Downvote
I have some info at Laura Chappell, the grand Diva of packets can be found at She has a great book on just filtering, "Catching the Cool Packets".

MikeS


Find me at
"Take advantage of the enemy's unreadiness, make your way by unexpected routes, and attack unguarded spots."
Sun Tzu
 
Upvote 0 Downvote
I always catch on faster if someone shows me how to do something, so here is a video of how to create the filter you are looking for.

If you want to do a different subnet, change the data in data pattern of the filter. Let me know if it helps. I am more than happy to create more videos to show how to do things in Sniffer.

Here is the link to the video:

Best regards,
mpennac

 
Upvote 0 Downvote
I will try this out today and thank you all for giving support so fast .
 
Upvote 0 Downvote
Thanks mpennac,Mike , Jose for the help . it finally worked with the following settings for the network 172.18.22.0
In edit pattern
From - Protocol
Format - Binary
offset - 80
len - 24
0 1 2 3
0 10101100 00010010 00010110


Name - Src Subnet 172.18.22
 
Upvote 0 Downvote
Hi samirsuri

Be careful with the offset.

If you use 80 Hex from Protocol, the filter is for the destination address.

If you need to capture from the source address, you must use a offset of 60 Hex.

Jose Antonio

 
Upvote 0 Downvote
Thanks Jose ,
I was trying to figure out how to filter for source address and you gave me the tip at the right time .
Thanks
Sameer
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

hunt3rxhunt3r
  • Locked
  • Question
Desktop/Network Hardware monitoring
Replies
1
Views
139
MikeHalloran
MikeHalloran
shedlord2
  • Locked
  • Question
Best (simple) sniffer to use for detecting illegal filesharing on a network?
Replies
1
Views
156
fortunat
fortunat
TechMerlin
  • Locked
  • Question
Network Monitor
Replies
3
Views
156
Serena18
Serena18
infogaby
  • Locked
  • Question
laptop acts strange on one network
Replies
0
Views
127
infogaby
infogaby
jrsavage
  • Locked
  • Question
Promiscuous Driver for Realtek rtl8187
Replies
0
Views
111
jrsavage
jrsavage

Part and Inventory Search

Sponsor

Back
Top