New IP address functions have been added in Wireshark 4.4 (if you use Wireshark on Windows, there's a bug in release 4.4.0: the DLL with these functions is missing, it will be included in release 4.4.1; all is fine with Linux and Mac versions of Wireshark).

These are the functions:

They are explained in the Wireshark filter manual under "Functions".

Function ip_rfc1918, for example, returns True when the argument of this function is a private use IPv4 address. It can be used as a display filter, like this:

These functions can also be used in custom columns, like function ip_special_name that returns the IP special-purpose block name as a string:

To summarize: these functions were introduced with Wireshark release 4.4, but this will not work only if you are using Windows version 4.4.0. I used release candicate 4.4.1 to take these screenshots, as the missing dll (ipaddress.dll) is present in that package.

Didier Stevens
Senior handler
blog.DidierStevens.com