This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Filtering specific IP

1
1

I am new to wireshark and would like to know the easiest way of Filtering all traffic coming and going from a specific IP address on out network. any help would be greatly appreciated.

asked 29 Nov '12, 13:34

ksimpson's gravatar image

ksimpson
16122
accept rate: 0%


One Answer:

2

You can use a capture filter

host 10.10.10.1

or a display filter

ip.addr == 10.10.10.1

You'll find general information about Wiresahrk in the Wiki.

http://wiki.wireshark.org/

The following videos might also be interesting:

http://www.youtube.com/watch?v=pk4OfsxxB4g&feature=related
http://www.youtube.com/watch?v=NHLTa29iovU
http://wiresharkdownloads.riverbed.com/video/wireshark/introduction-to-wireshark/

Regards
Kurt

answered 29 Nov '12, 13:55

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
24.8k1039237
accept rate: 15%

edited 29 Nov '12, 13:57

I have tried that and I am still getting everything not that one specific IP.

(29 Nov '12, 14:00) ksimpson

what exactly did you try?

(29 Nov '12, 15:50) Kurt Knochner ♦

the capture filter then the display filter, I did install wireshark on another machine and got the capture filter to work except it is only showing information from the same vlan as the machine i am wanting to watch.

(30 Nov '12, 09:13) ksimpson

only showing information from the same vlan as the machine i am wanting to watch.

well, that's normal, as you need to setup a proper capturing environment to see traffic of other VLANs and/or other systems.

http://wiki.wireshark.org/CaptureSetup/Ethernet

Basically you need to configure port mirroring on your switch (see link above).

(30 Nov '12, 10:51) Kurt Knochner ♦