
How do I capture packets from only 1 IP address?


I'm new here and am only interested in capturing packets from 1 IP address. Is this possible, and if so, how can I do this? Thanks in advance!

big_daddy_11
asked 2020-01-29 01:18:15 +0000

1 Answer


Yes, it's possible - that's what "capture filters" are for; see the Wireshark User's Guide (look for "capture filters" in several places).

The syntax for capture filters is defined in the pcap-filter man page.

The filters to test for a single IP address are simple:

  • If you only want to capture packets from a given IP address, such as 192.16.135.134, and aren't interested in packets to that address, the filter would be src host 192.16.135.134 or just src 192.16.135.134.
  • If you only want to capture packets to a given IP address, such as 192.16.135.134, and aren't interested in packets from that address, the filter would be dst host 192.16.135.134 or just dst 192.16.135.134.
  • If you want to capture packets from or to a given IP address, such as 192.16.135.134, the filter would be host 192.16.135.134.

(Remember, if you want to capture all traffic involving that one IP address, capturing packets from that address won't work - that won't show traffic to that address.)

Guy Harris
answered 2020-01-29 02:12:13 +0000
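
The difference between the three filters in the answer above, shown as an added example (not part of the original answer, and not libpcap's own code). It is a simplified Python model that handles IPv4 frames only; the peer addresses, frame names and function names are constructed for illustration.

```python
import struct
from ipaddress import IPv4Address

TARGET = "192.16.135.134"  # address used in the answer
PEER = "10.0.0.5"          # constructed peer address
OTHER = "10.0.0.9"         # constructed unrelated address

def ipv4_frame(src, dst):
    """Build a minimal Ethernet + IPv4 frame (no payload, checksum left at 0)."""
    eth = bytes.fromhex("020000000001" "020000000002" "0800")
    ip = struct.pack("!BBHHHBBH", 0x45, 0, 20, 0, 0, 64, 6, 0)
    return eth + ip + IPv4Address(src).packed + IPv4Address(dst).packed

def addresses(frame):
    """Return (src, dst) of an Ethernet/IPv4 frame, or None for anything else."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    return tuple(str(IPv4Address(frame[i:i + 4])) for i in (26, 30))

def matches(filter_text, frame):
    """Model 'src [host] A', 'dst [host] A' and 'host A' for IPv4 frames only."""
    words = [w for w in filter_text.split() if w != "host"]
    if len(words) == 1:
        direction = "either"
    elif len(words) == 2 and words[0] in ("src", "dst"):
        direction = words[0]
    else:
        raise ValueError("unsupported filter: " + filter_text)
    addr = str(IPv4Address(words[-1]))  # rejects malformed addresses
    src, dst = addresses(frame) or (None, None)
    return {"src": src == addr, "dst": dst == addr,
            "either": addr in (src, dst)}[direction]

# Constructed sample traffic: one frame in each direction plus unrelated traffic.
CAPTURE = {
    "target->peer": ipv4_frame(TARGET, PEER),
    "peer->target": ipv4_frame(PEER, TARGET),
    "peer->other": ipv4_frame(PEER, OTHER),
}

def selected(filter_text):
    """Names of the sample frames that the filter would keep."""
    return [name for name, frame in CAPTURE.items() if matches(filter_text, frame)]

if __name__ == "__main__":
    for f in ("src host " + TARGET, "dst " + TARGET, "host " + TARGET):
        print(f"{f!r:28} keeps {selected(f)}")
```

Only the `host` form keeps both directions of the conversation, which is the point of the closing remark in the answer.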