
How do I capture packets from only 1 IP address?

asked 2020-01-29 01:18:15 +0000

big_daddy_11

I'm new here and am only interested in capturing packets from 1 IP address. Is this possible, and if so, how can I do this? Thanks in advance!


1 Answer


answered 2020-01-29 02:12:13 +0000

Guy Harris

Yes, it's possible - that's what "capture filters" are for; see the Wireshark User's Guide (look for "capture filters" in several places).

The syntax for capture filters is defined in the pcap-filter man page.

The filters to test for a single IP address are simple:

  • If you only want to capture packets from a given IP address, such as 192.16.135.134, and aren't interested in packets to that address, the filter would be src host 192.16.135.134 or just src 192.16.135.134.
  • If you only want to capture packets to a given IP address, such as 192.16.135.134, and aren't interested in packets from that address, the filter would be dst host 192.16.135.134 or just dst 192.16.135.134.
  • If you want to capture packets from or to a given IP address, such as 192.16.135.134, the filter would be host 192.16.135.134.

(Remember, if you want to capture all traffic involving that one IP address, capturing packets from that address won't work - that won't show traffic to that address.)
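An added example (not part of the original answer, and not Wireshark or libpcap code): a small Python sketch that applies the three filter forms from the answer to constructed IPv4 frames, showing which direction each one selects. The helper names and the 10.0.0.x peer addresses are made up for illustration.

```python
import ipaddress
import struct

TARGET = "192.16.135.134"  # the address used in the answer above

def make_frame(src, dst):
    """Build a constructed Ethernet + IPv4 frame (header only, checksum 0)."""
    eth = b"\x02" * 6 + b"\x04" * 6 + struct.pack("!H", 0x0800)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                     ipaddress.IPv4Address(src).packed,
                     ipaddress.IPv4Address(dst).packed)
    return eth + ip

def ipv4_addrs(frame):
    """Return (src, dst) of an IPv4-over-Ethernet frame, or None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    return (ipaddress.IPv4Address(frame[26:30]),
            ipaddress.IPv4Address(frame[30:34]))

def matches(expr, frame):
    """Evaluate only '[src|dst] [host] ADDR'. Simplification: IPv4 headers
    only; real libpcap 'host' also checks ARP/RARP address fields."""
    words = expr.split()
    addr = ipaddress.IPv4Address(words[-1])
    qualifiers = [w for w in words[:-1] if w != "host"]
    addrs = ipv4_addrs(frame)
    if addrs is None:
        return False
    src, dst = addrs
    if qualifiers == ["src"]:
        return src == addr
    if qualifiers == ["dst"]:
        return dst == addr
    if not qualifiers:
        return addr in (src, dst)
    raise ValueError("unsupported filter: " + expr)

# Constructed sample traffic: a request from the target, a reply to it, noise.
FRAMES = [make_frame(TARGET, "10.0.0.5"),
          make_frame("10.0.0.5", TARGET),
          make_frame("10.0.0.5", "10.0.0.9")]

def selected(expr):
    """Indices of the sample frames a filter would keep."""
    return [i for i, f in enumerate(FRAMES) if matches(expr, f)]

if __name__ == "__main__":
    for expr in ("src host " + TARGET, "dst host " + TARGET, "host " + TARGET):
        print(expr, "->", selected(expr))
```
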


Seen: 63,113 times

Last updated: Jan 29 '20