Log filter for RANGE of IP's or Ports

L3 Networker

Log filter for RANGE of IP's or Ports

Does anyone know the syntax used to create filters for port or IP ranges?

For example, I want to filter on IP's 9same for port ranges).

Thanks in advance

L4 Transporter

for port ranges, you can combine the geq (greater than or equal to) and leq (less than or equal to) with an AND operator, e.g:


 (port.dst geq 53) and (port.dst leq 442)

will show DNS and HTTP but not HTTPS or SSH requests


for IP, I believe your only option is to use CIDR notation, but you can get as specific as you need to with the subnet mask.


for example,


( addr.src in )

will show IPs in the range of - (though .0 is the network and .7 is the broadcast in this case, so those 2 shouldn't show up in results)


CCNA Security, PCNSE7
L4 Transporter

*edit* Woops, @bradk14 beat me to it!



If you're referring to one of the tabs/pages that has access to the filter builder then I'd do something like this:


( addr.src in ) and ((port.dst geq 60) and (port.dst leq 450))


This is just an example that does both functions but you could easily break that up.  This basically searches for everything between that goes to a destination port between and including 60 through 450.


With the ports you just use geq and leq ("greater than or equal to" and "less than or equal to" respectively).


With the IP I don't think you can use those same operators... it looks just just be a "in" or "not in" and it won't accept a range ( so you do it as a subnet instead (

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!