How to apply filter for inbound and outbound traffic?

asked 2023-09-11 13:33:31 +0000

Khushboo

How to apply filter for inbound and outbound traffic? I want to monitor the inbound and outbound in Wireshark.


There is none of that ChatGPT AI stuff here.
It's more like ELIZA:

"Can you elaborate on that?"

What are you trying to accomplish?

Chuckc ( 2023-09-11 18:59:45 +0000 )

What do you define as inbound and outbound in your situation? Answer that and the filter may be derived from that.

Jaap ( 2023-09-11 18:59:51 +0000 )

I have installed Wireshark on my host machine and I want to monitor any traffic coming to or going from the host to all client machines. For this, how can I validate which traffic is inbound and which is outbound?

Khushboo ( 2023-09-12 01:23:11 +0000 )

answered 2023-09-12 05:47:06 +0000

Jaap

Maybe surprisingly, there's no indicator in a captured packet of whether it egressed or ingressed an interface (for most types of interfaces). However, other characteristics of an interface may be used to make that distinction. A very common one is the use of the IPv4 address of the packets: if it's the host's source address used as source address, the packet is egressing.

This would be the display filter expression: ip.src == <IPv4 host>

This would be the capture filter expression: ip src host <IPv4 host>

Another parameter you can use is the MAC address of the interface.
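The address-based test from the answer above, as an added example that is not part of the original thread: a small Python classifier that applies the same source-address logic to raw Ethernet II frames, first by IPv4 address and then by MAC address. It goes beyond the answer by also labelling the destination side (`ip.dst`, `eth.dst`) and received broadcast/multicast frames; the host address, MAC address, sample frames and all function names are constructed for illustration.

```python
import struct
from ipaddress import IPv4Address

HOST_IP = "192.0.2.10"          # constructed host address (documentation range)
HOST_MAC = "02:00:00:00:00:10"  # constructed interface MAC (locally administered)

def mac(s):
    return bytes.fromhex(s.replace(":", ""))

def build_frame(dst_mac, src_mac, src_ip, dst_ip):
    """Constructed Ethernet II + 20-byte IPv4 header, for the sample data only."""
    eth = mac(dst_mac) + mac(src_mac) + struct.pack("!H", 0x0800)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 17, 0,
                     IPv4Address(src_ip).packed, IPv4Address(dst_ip).packed)
    return eth + ip

def classify(frame, host_ip=HOST_IP, host_mac=HOST_MAC):
    """Direction of a raw Ethernet II frame relative to the capturing host."""
    if len(frame) < 14:
        return "other"
    dst_mac, src_mac = frame[0:6], frame[6:12]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype == 0x0800 and len(frame) >= 34:
        host = IPv4Address(host_ip).packed
        if frame[26:30] == host:   # same test as: ip.src == <IPv4 host>
            return "outbound"
        if frame[30:34] == host:   # same test as: ip.dst == <IPv4 host>
            return "inbound"
    if src_mac == mac(host_mac):   # eth.src == <MAC>; also covers ARP and other non-IPv4
        return "outbound"
    if dst_mac == mac(host_mac):   # eth.dst == <MAC>
        return "inbound"
    if dst_mac[0] & 1:             # group bit set: broadcast/multicast received by the host
        return "inbound-broadcast"
    return "other"                 # unicast between other machines (promiscuous capture)

SAMPLES = {  # constructed frames
    "host to client": build_frame("02:00:00:00:00:20", HOST_MAC, HOST_IP, "192.0.2.20"),
    "client to host": build_frame(HOST_MAC, "02:00:00:00:00:20", "192.0.2.20", HOST_IP),
    "client broadcast": build_frame("ff:ff:ff:ff:ff:ff", "02:00:00:00:00:20", "192.0.2.20", "192.0.2.255"),
    "host broadcast": build_frame("ff:ff:ff:ff:ff:ff", HOST_MAC, HOST_IP, "192.0.2.255"),
    "client to client": build_frame("02:00:00:00:00:30", "02:00:00:00:00:20", "192.0.2.20", "192.0.2.30"),
}

def classify_samples():
    return {name: classify(f) for name, f in SAMPLES.items()}

if __name__ == "__main__":
    for name, direction in classify_samples().items():
        print(f"{name:18} {direction}")
```

The "client broadcast" sample shows why a destination-address filter alone undercounts inbound traffic: the frame is received by the host but carries neither its IPv4 address nor its MAC address as destination.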

