I am absolutely new to Wireshark but I am asked to trace the complete traffic between two machines (IP addresses are known, but nothing else). How can I do this?
thx a lot
asked 10 Jul '12, 16:30
edited 10 Jul '12, 19:53
First you have to position Wireshark where it can capture the traffic between the two machines. You can install Wireshark on one of the two machines, or you can connect your Wireshark computer to a switch that the traffic passes through and use port mirroring.
To limit the captured traffic to only the IP traffic between the two machines, enter this capture filter: "host ip-address-1 and host ip-address-2". For example, "host 192.168.1.1 and host 192.168.1.25".
Or you can capture all the traffic and then use this display filter to show only the traffic between the two machines: "ip.addr==192.168.1.1 && ip.addr==192.168.1.25"
answered 10 Jul '12, 19:53
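The two filters from the answer above, generated from validated addresses, as an added example that is not part of the original answer. The function names and the sample records are assumptions made for illustration; the example also goes beyond the answer by covering IPv6, where the display-filter field is `ipv6.addr` instead of `ip.addr`.

```python
import ipaddress

def _pair(a, b):
    """Validate both host addresses; they must share one IP version."""
    x, y = ipaddress.ip_address(a), ipaddress.ip_address(b)
    if x.version != y.version:
        raise ValueError("both hosts must be IPv4 or both IPv6")
    return x, y

def capture_filter(a, b):
    """Capture filter (BPF syntax), applied while packets are captured."""
    x, y = _pair(a, b)
    return f"host {x} and host {y}"

def display_filter(a, b):
    """Display filter, applied to packets that were already captured."""
    x, y = _pair(a, b)
    field = "ip.addr" if x.version == 4 else "ipv6.addr"
    return f"{field}=={x} && {field}=={y}"

def between(packets, a, b):
    """Return the (src, dst) records that either filter would keep.

    Both filters mean: host a is the source or the destination, AND
    host b is the source or the destination.
    """
    x, y = _pair(a, b)
    kept = []
    for src, dst in packets:
        ends = {ipaddress.ip_address(src), ipaddress.ip_address(dst)}
        if x in ends and y in ends:
            kept.append((src, dst))
    return kept

# Constructed sample traffic (source, destination); not real capture data.
SAMPLE = [
    ("192.168.1.1", "192.168.1.25"),   # kept: a -> b
    ("192.168.1.25", "192.168.1.1"),   # kept: b -> a (the reply direction)
    ("192.168.1.1", "192.168.1.77"),   # dropped: only one of the two hosts
    ("192.168.1.50", "192.168.1.25"),  # dropped: only one of the two hosts
]

if __name__ == "__main__":
    print(capture_filter("192.168.1.1", "192.168.1.25"))
    print(display_filter("192.168.1.1", "192.168.1.25"))
    print(between(SAMPLE, "192.168.1.1", "192.168.1.25"))
```

Because the addresses pass through `ipaddress.ip_address`, anything that is not a plain IP address raises `ValueError` instead of ending up inside the filter string.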