I'm just see this app from today i'm like its i'm test to capture,its ok but i can't fill IP target (like my PC IP 192.168.1.1)and target IP is 192.168.1.2 so i'm want capture on IP 192.168.1.2 how to do? i can't see about do on its!!! help pls asked 29 Dec '10, 23:53  morokat |
4 Answers:
You can't use Wireshark to capture on another target PC. However if the capture interface you are using can see traffic heading to and from that target PC then you can a. capture that traffic and b. filter it. In the capture filter, you need a filter "host 192.168.1.2" In the display filter (which filters traffic after it has been captured) you can just set "ip.addr eq 192.168.1.2" answered 30 Dec '10, 00:08  martyvis |
yes like this , when i'm fill its error like in pictuer answered 30 Dec '10, 00:14 morokat The filter will need to be "host x.x.x.x" instead of just "x.x.x.x" (30 Dec '10, 00:18) SYN-bit ♦♦ |
You can have a look at the CaptureSetup page on the Wireshark wiki to learn how to capture traffic from other systems. answered 30 Dec '10, 00:16  SYN-bit ♦♦ |
i'm still not see the way for fill its!!!!! answered 30 Dec '10, 00:23 morokat To which answer or comment is this a reply? Please use "add new comment" to respond to earlier given answers instead of posting a new answer (this is not a forum, this is a Q&A site, which works slightly different :-)). Have you checked the link I sent you in an earlier answer? Please do... (30 Dec '10, 00:41) SYN-bit ♦♦ sorry and thanks you (30 Dec '10, 00:46) morokat i'm still can't use !!!! i want capture 192.168.1.192 that is from swict (30 Dec '10, 01:10) morokat Have you read the "CaptureSetup" page I mentioned earlier? (30 Dec '10, 01:23) SYN-bit ♦♦ yes i read here http://wiki.wireshark.org/CaptureSetup/Ethernet#Capture_on_the_machine_you.27re_interested_in http://wiki.wireshark.org/CaptureSetup/Ethernet#Capture_using_a_monitor_mode_of_the_switch http://wiki.wireshark.org/CaptureSetup/Ethernet#Capture_using_a_MITM_.28Man-In-The-Middle.29_software and here http://wiki.wireshark.org/CaptureSetup/Ethernet#Capture_using_an_Ethernet_hub but all talk and talk not see tutorial about how to use sorry i'm very newbie about this app (30 Dec '10, 01:28) morokat Analyzing network traffic is not straightforward with a one-solution-fits-all scenario. It is therefor not easy to provide a tutorial, as each setup can be different. It also depends on the knowledge level of the person wanting to do the analysis. You might want to read the book "Wireshark Network Analysis" by Laura Chappell (http://www.wiresharkbook.com/), which is an excellent introduction to Network Analysis. (30 Dec '10, 01:50) SYN-bit ♦♦ Morokat, Please answer the following questions so people can help you. 1) Are you using a switch? 2) What is the name/model of the switch? 3) Which PC (192.168.1.1 or 1.2) has Wireshark installed? thanks you my following here 1. yes i'm using switch 2. switch name TENDA 16 switch 3. 192.168.1.1 install Wireshark waiting for ur kind (30 Dec '10, 18:43) morokat Morokat, It is important to be precise when providing information for us. Tenda has multiple switch models. Tenda has two 16 port switches. One supports port-mirroring, the other doesn't. Only with port-mirroring will you be able to usefully see traffic to and from another computer. What is the exact model you have? (30 Dec '10, 19:29) martyvis showing 5 of 8 show 3 more comments |
Morokat, Please answer the following questions so people can help you. 1) Are you using a switch? 2) What is the name/model of the switch? 3) Which PC (192.168.1.1 or 1.2) has Wireshark installed?
In general, on a switch, you have to redirect the packets of 1.2 host to your PC running wireshark (1.1). The way to do it depends on the model/brand of your switch.