 | 1 | initial version |
Wireshark sees both the transmitted and the received packets
If 1) the host doing the capturing is running an operating system that supports capturing only incoming traffic and 2) you have a sufficiently recent version of libpcap and tcpdump on that host, you can capture with tcpdump, using --direction in and a -w option to write the capture to a file, and the resulting file will have only incoming packets. You can then have Wireshark read that capture file.
OSes that support it:
| | 2 | No.2 Revision |
Wireshark sees both the transmitted and the received packets
If 1) the host doing the capturing is running an operating system that supports capturing only incoming traffic and 2) you have a sufficiently recent version of libpcap and tcpdump on that host, you can capture with tcpdump, using --direction in--direction=in-w option to write the capture to a file, and the resulting file will have only incoming packets. You can then have Wireshark read that capture file.
OSes that support it:
although, unfortunately, Apple screwed up and --direction might not work.
| | 3 | No.3 Revision |
Wireshark sees both the transmitted and the received packets
If 1) the host doing the capturing is running an operating system that supports capturing only incoming traffic and 2) you have a sufficiently recent version of libpcap and tcpdump on that host, you can capture with tcpdump, using --direction=in and a -w option to write the capture to a file, and the resulting file will have only incoming packets. You can then have Wireshark read that capture file.
OSes that support it:
although, unfortunately, Apple screwed up and --direction might not work.work on macOS.
