It seems that my WireShark usage is totally intermittent. And, as expected, when I go to use it again I totally forget the syntax for filtering the display. I was doing some testing today and noticed that a filter I had wasn’t working as expected. I was trying to do this…
Basically, WireShark was telling me that my filter wasn’t really going to work. They word it by saying ‘unexpected results’ but I was still getting traffic from 10.20.30.41. After a little googling I came across this post by Laura Chappell.
http://laurachappell.blogspot.com/2010/12/filtering-out-traffic-by-ip-address.html
Bingo!
I just had the syntax wrong. Her explanation of why my other filter wasn’t working was just as interesting as the solution.
Thanks!