Wireshark 4.4's IP Address Functions

Published: 2024-09-09. Last Updated: 2024-09-09 11:35:46 UTC
by Didier Stevens (Version: 1)
0 comment(s)

New IP address functions have been added in Wireshark 4.4 (if you use Wireshark on Windows, there's a bug in release 4.4.0: the DLL with these functions is missing, it will be included in release 4.4.1; all is fine with Linux and Mac versions of Wireshark).

These are the functions:

They are explained in the Wireshark filter manual under "Functions".

Function ip_rfc1918, for example, returns True when the argument of this function is a private use IPv4 address. It can be used as a display filter, like this:

These functions can also be used in custom columns, like function ip_special_name that returns the IP special-purpose block name as a string:

To summarize: these functions were introduced with Wireshark release 4.4, but this will not work only if you are using Windows version 4.4.0. I used release candicate 4.4.1 to take these screenshots, as the missing dll (ipaddress.dll) is present in that package.

 

Didier Stevens
Senior handler
blog.DidierStevens.com

Keywords:
0 comment(s)
ISC Stormcast For Monday, September 9th, 2024 https://isc.sans.edu/podcastdetail/9130

Comments


Diary Archives