Wireshark: Filter by Multicast in GUI

filtering multicast wireshark
user1205577 picture user1205577 · Jul 9, 2012 · Viewed 80k times · Source

Using the Wireshark "Filter" field in the Wireshark GUI, I would like to filter capture results so that only multicast packets are shown.

I've seen this post but that doesn't work for the GUI filter field. This Wireshark page shows how to filter out multicast, but not how to filter everything but multicast.

Does anyone know of a simple statement that will do this?

Thank you in advance!

Answer

Rob Wagner picture Rob Wagner · Jul 9, 2012

Just use this (eth.dst[0] & 1) . Multicast traffic is recognized by the least significant bit of the most significant byte of the MAC address. If 1, multicast, if 0, not.

Related questions

Truth value of a Series is ambiguous. Use a.empty, a.bool(), a.item(), a.any() or a.all()

Having issue filtering my result dataframe with an or condition. I want my result df to extract all column var values that are above 0.25 and below -0.25. This logic below gives me an ambiguous truth value however it work when …

Read More
JavaScript: filter() for Objects

ECMAScript 5 has the filter() prototype for Array types, but not Object types, if I understand correctly. How would I implement a filter() for Objects in JavaScript? Let's say I have this object: var foo = { bar: "Yes" }; And I want to …

Read More
How to run a SQL query on an Excel table?

I'm trying to create a sub-table from another table of all the last name fields sorted A-Z which have a phone number field that isn't null. I could do this pretty easy with SQL, but I have no clue how …

Read More