This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

src host capture filter not working!

0

Hi.I need to see packets coming from OR going to ip xxx.xxx.xxx.xxx using capture filter but src host capture filter not working for me! I write src host 192.168.1.100 (My IP) and I capture traffic to or from my IP address but I want to capture only traffic from this IP.Also, is there any way to see the capture process, the number of captured packets, etc as in Tshark (linux terminal):

[]# tshark -i eth1 dst host 207.35.208.194 or src host 207.35.208.194

Capturing on eth1

0.000000 208.77.1.33 -> 207.35.208.194 SIP Status: 200 OK (1 bindings)

7.475218 208.77.1.33 -> 207.35.208.194 SIP Status: 200 OK (1 bindings)

6 packets captured

Thanks in advance!

asked 06 Mar '13, 09:49

zig69's gravatar image

zig69
11336
accept rate: 0%


One Answer:

0

To limit captures for packets to or from a host use the capture filter host a.b.c.d.

I don't understand the second part of the question, are you talking about the Wireshark GUI?

answered 06 Mar '13, 09:56

grahamb's gravatar image

grahamb ♦
19.8k330206
accept rate: 22%

Ok, thanks but I need to capture only traffic from my IP, and yes, I am talking about WS GUI (I see all traffic to and from my host in GUI using src host a.b.c.d and I need to see only traffic exiting from my host... Thanks again!

(06 Mar '13, 10:05) zig69
1

instead of src host x.x.x.xx please use src x.x.x.x

(06 Mar '13, 10:17) Kurt Knochner ♦

Both forms are working properly for me on PortableApps version 1.8.5.

(06 Mar '13, 12:24) Jim Aragon