How to filter by IP address in Wireshark?

Question

I tried dst==192.168.1.101 but only get :

Neither \"dst\" nor \"192.168.1.101\" are field or protocol names.

The following display filter isn\'t a          


        

Answer 1

Actually for some reason wireshark uses two different kind of filter syntax one on display filter and other on capture filter. Display filter is only useful to find certain traffic just for display purpose only. its like you are interested in all trafic but for now you just want to see specific.

but if you are interested only in certian traffic and does not care about other at all then you use the capture filter.

The Syntax for display filter is (as mentioned earlier)

ip.addr = x.x.x.x or ip.src = x.x.x.x or ip.dst = x.x.x.x

but above syntax won't work in capture filters, following are the filters

host x.x.x.x

see more example on wireshark wiki page

Answer 2

Match destination: ip.dst == x.x.x.x

Match source: ip.src == x.x.x.x

Match either: ip.addr == x.x.x.x