This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Capture from a single IP

0

Hi, I'm new on the Wireshark and, even I have read some manuals, the capture filter doesn't seems to work for me. I only want to capture packets to/from a single IP. So, I open Capture -> Capture Filters.. and create a new rule:

name: MyRule

string: host 192.168.1.100

But it doesn't work, I see (and Wireshark captures) packets from every host on the LAN. I've tryed to clear all the other rules and have only my rule, but it still capturing everything.

I assume that I'm doing something wrong, but I don't know what it is and I need some help.

Thanks.

asked 28 Aug '12, 11:12

A_Perez's gravatar image

A_Perez
1112
accept rate: 0%

One Answer:

2

So, I open Capture -> Capture Filters.. and create a new rule:

By doing that, you only defined a capture filter, but you have to apply it during capturing!

Wireshark 1.6.x:

Capture -> Options -> Capture Filter:

Wireshark 1.8.x:

Capture -> Options

Then double-click on the desired interface and select the filter

Capture filter:

Regards
Kurt

answered 28 Aug '12, 11:15

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
24.8k1039237
accept rate: 15%

edited 28 Aug '12, 11:18

Thanks Kurt.

That was the problem, I needed to apply...

Thanks you very much.

(28 Aug '12, 12:06) A_Perez