I have Wireshark loaded on a Windows 8 OS and I want to monitor another IP from a computer on my network. I read a couple responses to others with the same question but none of the answers are working for me. I went to Capture Filter and used "host xxx.xxx.xxx.xxxx." This does not capture anything from the machine I am trying to monitor. However, this will capture packets that I send to the machine I want to monitor from the machine that I have Wireshark loaded on. For example, ICMP traffic will show up on Wireshark if I ping the monitored machine from the Windows 8 machine with Wireshark. Am I doing something wrong here or is that Wireshark isn't meant to work like this? This question is marked "community wiki". asked 03 Jul '15, 17:23  alexwallace23 |
One Answer:
The issue is likely down to oyu using a switched Ethernet network. Each machine will be plugged into a switch port and thus Wireshark will only capture traffic directed to or from the capture machine. To capture traffic from another machine that is directed elsewhere than the capture machine you'll need to either "tap" into the Ethernet connection of the other machine, or if your switch hardware allows it, "span" or "monitor" the port of the target machine to the port of the capture machine. See the wiki page on Ethernet Capture Setup, in particular the section on Switched Ethernet. answered 03 Jul '15, 20:27  grahamb ♦ edited 03 Jul '15, 20:27 |
