Darren
-
2012-08-09
- priority: 5 --> 6
At present, a list of filters separated with ";" on the command line amounts to logical OR'ing.
So "ip.src=10.2.0.0/16;ip.dst=10.3.0.0/16;" would mean that either property can match for the expression to match.
What's desired is to say both need to match for the condition to hold true.
e.g.
"ip.src=10.2.0.0/16,ip.dst=10.3.0.0/16;"
But consideration should be given as to whether the filter should be constructed more meaningfully, such as:
"(ip.src=10.2.0.0/16 OR ip.dst=10.3.0.0/16) and tcp.port=22"