How can I use the display filter in Network Monitor to include a protocol I specify that excludes address ranges I trust?
Posted on 2011-09-12
I'm interested in doing a capture using Network Monitor 3.4 where I'd like to see ICMP/PING traffic that is destined for addresses I do not trust.
So for instance... let us say that I trust segment 192.168.x.x/24 and I trust 167.80.x.x/24 but I want to see ICMP traffic destined for *ALL ADDRESSES THAT DO NOT FALL INTO THOSE SEGMENTS*... how can I do this?
Sadly, Network Monitor doesn't support simple wildcarding. So I'd like help crafting a query. I have a server that is attempting to ping strange addresses, and in my enterprise I only have a few trusted segments. I want to find where it's going above and beyond my trusted segments.
Hopefully this makes sense. Thanks in advance.