I was wondering is there a way to monitor a certain ip address or address range? thank you asked 01 Dec '10, 11:27  keyboard |
One Answer:
You can only monitor traffic seen on the interface you have Wireshark to capture on. You need to arrange for that traffic to be presented on that interface by whatever means. Usually this will mean port-mirroring on a switch that is carrying the traffic you are interested in. You can then use capture filters in wireshark to narrow the capture like "host 10.1.2.3" or "net 10.1.2.0/24" answered 01 Dec '10, 20:30  martyvis |
ok thank you. I was particularly wanting to watch certain machines but if I watch a network then I should still see everything on that network correct. Including the machine I am wanting to watch?