Hi, I've just started using Wireshark and don't know what I'm doing!! I need to capture all traffic on our LAN going to a single IP address so that I can find individual PCs. As soon as I have the IP addresses I can do a lookup in DNS. Is this possible, and if so, how, using the Wireshark GUI?
asked 28 Jun '12, 07:47
If I understand correctly, you can use the filter bar at the top of the Wireshark GUI to search for packets travelling to or from a particular IP address.
Given an IP address xxx.xxx.xxx.xxx, you would input into the filter:
You should get all packets that are travelling to and from that IP address/computer!
answered 28 Jun '12, 11:12
If you want to capture all traffic going to IPv4 address XXX.XXX.XXX.XXX, use Capture -> Options to start the capture, and specify a capture filter of
If you want to capture all traffic going to and coming from that address, use
If, however, you want to do a single capture and then look at it to find out traffic coming from multiple different PCs, capture without a capture filter and then use display filters for each of the machines, as Ian suggested.
answered 28 Jun '12, 13:45
Guy Harris ♦♦
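The capture-once-then-filter approach from the last answer, as an added example that is not part of the original thread: Python that reads a classic little-endian Ethernet pcap (Wireshark can save in this format; pcapng is not handled) and counts packets per source IPv4 address sent to one destination. The function names, addresses and in-memory sample capture are constructed for illustration.

```python
import io, socket, struct
from collections import Counter

PCAP_HDR = struct.Struct("<IHHiIII")   # classic pcap global header, little-endian
REC_HDR = struct.Struct("<IIII")       # per-packet record header

def build_frame(src, dst):
    """Constructed Ethernet + IPv4 frame (no payload) for the sample capture."""
    eth = b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00"   # dst MAC, src MAC, EtherType IPv4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return eth + ip

def build_pcap(flows):
    """Serialise (src, dst) pairs into an in-memory pcap file."""
    out = PCAP_HDR.pack(0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)   # linktype 1 = Ethernet
    for i, (src, dst) in enumerate(flows):
        frame = build_frame(src, dst)
        out += REC_HDR.pack(i, 0, len(frame), len(frame)) + frame
    return out

def senders_to(pcap_bytes, target):
    """Count packets per source IPv4 address whose destination is `target`."""
    buf = io.BytesIO(pcap_bytes)
    magic, _, _, _, _, _, linktype = PCAP_HDR.unpack(buf.read(PCAP_HDR.size))
    if magic != 0xA1B2C3D4 or linktype != 1:
        raise ValueError("expected little-endian Ethernet pcap")
    want, counts = socket.inet_aton(target), Counter()
    while len(hdr := buf.read(REC_HDR.size)) == REC_HDR.size:
        _, _, caplen, _ = REC_HDR.unpack(hdr)
        frame = buf.read(caplen)
        # Skip truncated frames and non-IPv4 traffic (ARP, IPv6, VLAN-tagged)
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue
        src, dst = frame[26:30], frame[30:34]   # IPv4 source / destination fields
        if dst == want:
            counts[socket.inet_ntoa(src)] += 1
    return counts

# Constructed sample traffic; addresses come from documentation ranges
SAMPLE = build_pcap([("192.0.2.21", "198.51.100.7"), ("192.0.2.22", "198.51.100.7"),
                     ("192.0.2.21", "198.51.100.7"), ("198.51.100.7", "192.0.2.21"),
                     ("192.0.2.23", "203.0.113.9")])

if __name__ == "__main__":
    for host, n in senders_to(SAMPLE, "198.51.100.7").most_common():
        print(host, n)
```

The resulting source addresses are the ones to look up in DNS, as the question describes.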