creating filters RRS feed

  • Question

  • Here are a few filter rules that I have put together. The last one has given me some problem. I'm attempting to filter out much of the noise leaving only questionable or external connection to local computer(s)

    How can I filter out a connection between two computers. The last example doesn't quite work. We do NOT want to see traffic between ourself and the server. .1 and .200. Any ideas?

    // Multiple lines, indent the next line

    IPv4.Address == and
     IPv4.Address ==

    Use ! infront of the service to eliminate the service
     !TCP.FLAGS.SYN AND !KerberosV5 AND
       IPv4.SourceAddress != AND IPv4.DestinationAddress !=


    // Show traffic To or From a specific IPv4 address:  
    IPv4.Address ==

    //filter address range
    and IPv4.SourceAddress != and ipv4.DestinationAddress !=

    // Show traffic between two IPv4 addresses.  Both addresses
    // must be in the packet for it to display with this filter.
    IPv4.Address == AND IPv4.Address ==

    // Show traffic From a source IPv4 address:
    IPv4.SourceAddress ==

    // Show traffic To a destination IPv4 address:
    IPv4.DestinationAddress ==

    // Exlclude specific IP Addresses
    IPv4.Address !=

    //filter out process names
    and Conversation.ProcessName != "chrome.exe"

    //between two machines
    IPv4.Address == && IPv4.Address ==

    Thursday, December 11, 2014 6:19 PM