Ask Your Question

How to apply filter for inbound and outbound traffic?

asked 2023-09-11 13:33:31 +0000

Khushboo gravatar image

How to apply filter for inbound and outbound traffic? I want to monitor the inbound and outbound in Wireshark.


edit retag flag offensive close merge delete


There is none of that ChatGPT AI stuff here.
It's more like ELIZA:

"Can you elaborate on that?"

What are you trying to accomplish?

Chuckc gravatar imageChuckc ( 2023-09-11 18:59:45 +0000 )edit

What do you define as inbound and outbound in your situation? Answer that and the filter may be derived from that.

Jaap gravatar imageJaap ( 2023-09-11 18:59:51 +0000 )edit

I have installed Wireshark in my host machine and I want any traffic coming or going from host to all clients machine, I can monitor the for this how can I validate which are inbound traffic and which are outbound.

Khushboo gravatar imageKhushboo ( 2023-09-12 01:23:11 +0000 )edit

1 Answer

Sort by ยป oldest newest most voted

answered 2023-09-12 05:47:06 +0000

Jaap gravatar image

Maybe surprisingly there's no indicator in a captured packet if it egressed or ingressed an interface (for most types of interfaces). However, other characteristics of an interface may be used to make that distinction. A very common one is the use of the IPv4 address of the packets: if it's the hosts source address used as source address, the packet is egressing.

This would be the display filter expression: ip.src == <IPv4 host>

This would be the capture filter expression: ip src host <IPv4 host>

Another parameter you can use if the MAC address of the interface.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower


Asked: 2023-09-11 13:33:31 +0000

Seen: 164 times

Last updated: Sep 12