# Revision history [back]

Wireshark sees both the transmitted and the received packets

If 1) the host doing the capturing is running an operating system that supports capturing only incoming traffic and 2) you have a sufficiently recent version of libpcap and tcpdump on that host, you can capture with tcpdump, using --direction in and a -w option to write the capture to a file, and the resulting file will have only incoming packets. You can then have Wireshark read that capture file.

OSes that support it:

• sufficiently recent versions of macOS and the *BSDs;
• possibly Solaris 11.

Wireshark sees both the transmitted and the received packets

If 1) the host doing the capturing is running an operating system that supports capturing only incoming traffic and 2) you have a sufficiently recent version of libpcap and tcpdump on that host, you can capture with tcpdump, using --direction in--direction=in and a -w option to write the capture to a file, and the resulting file will have only incoming packets. You can then have Wireshark read that capture file.

OSes that support it:

• sufficiently recent versions of macOS and the *BSDs;
• possibly Solaris 11.

although, unfortunately, Apple screwed up and --direction might not work.

Wireshark sees both the transmitted and the received packets

If 1) the host doing the capturing is running an operating system that supports capturing only incoming traffic and 2) you have a sufficiently recent version of libpcap and tcpdump on that host, you can capture with tcpdump, using --direction=in and a -w option to write the capture to a file, and the resulting file will have only incoming packets. You can then have Wireshark read that capture file.

OSes that support it:

although, unfortunately, Apple screwed up and --direction might not work.work on macOS.