Wireshark-users: Re: [Wireshark-users] Capture Filter
Date Index · Thread Index · Other Months · All Mailing Lists
Date Prev · Date Next · Thread Prev · Thread Next
From: "Michael Condon" <admin@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
Date: Tue, 14 Oct 2008 19:56:29 -0500
This is a blind attempt to capture traffic to/from an IP address. Is there a less obtrusive alternative to capturing this traffic than infiltrating the internal infrastructure? ----- Original Message ----- From: "Guy Harris" <guy@xxxxxxxxxxxx> 
To: "Community support list for Wireshark" <wireshark-users@xxxxxxxxxxxxx>
Sent: Tuesday, October 14, 2008 2:49 PM
Subject: Re: [Wireshark-users] Capture Filter




On Oct 14, 2008, at 12:31 PM, Michael Condon wrote:


I am pretty sure that I have my capture filter set right - but
obviously not. I want to capture all traffic to a particular IP
address. However, it is only capturing traffic (such as an ICMP
request) between my machine and that IP.  How can I open this up to
all source/dst traffic


If you're capturing on Ethernet, make sure all the machines from which
you want to capture are plugged into a hub rather than a switch, or
that they're plugged into a switch with support for a "monitor port"
and plug your machine into that port, and run in promiscuous mode:

http://www.wireshark.org/faq.html#q7.1

http://wiki.wireshark.org/CaptureSetup/Ethernet

http://wiki.wireshark.org/SwitchReference
_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
https://wireshark.org/mailman/listinfo/wireshark-users