This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Need to capture 3 IP addresses at a remote location


I need to use Wireshark to capture packets to and from 3 specific IP addresses. I have never used Wireshark before. I would like to set the capture to monitor the 3 IP addresses for 5 days. I am at a loss trying to set it up from my machine. Thanks in advance.

asked 24 Apr '13, 09:57


Mugwione19


One Answer:


The placement of a sniffer is very important to get your desired results. Typically, a sniffer would be placed with visibility of the interesting traffic (your 3 IPs). This could be a WAN port for example, or inline via a network tap, or via a SPAN port.
To do an extended capture for 5 days I would use dumpcap with a HOST filter since it's stateless and you can use ring buffers to manage the storage.

Since you have not used Wireshark before, I highly recommend you experiment with it on your local interface and LAN first.
There are many ways to study up on Protocol Analysis. I would get Laura Chappell's Wireshark Network Analysis book, and check out http://wiresharktraining.com

Wireshark is a great tool, but your synopsis doesn't offer enough topology information to offer a more specific solution, sorry.

Hope this is helpful though, John

answered 29 Apr '13, 11:15


John_Modlin
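The dumpcap approach described in the answer above (host filter plus ring buffer for a multi-day capture), as an added example that is not part of the original answer. The interface name, the output directory and the three addresses (taken from the RFC 5737 documentation ranges) are assumptions for illustration; the dumpcap options themselves (-i, -f, -w, -b duration/files, -a duration, -d, -q) are standard.

```shell
#!/bin/sh
# Added example (not from the original post): a 5-day dumpcap ring-buffer
# capture restricted to three hosts. The interface name, addresses and
# output directory below are assumptions for illustration.

IFACE="${IFACE:-eth0}"                 # assumed capture interface
OUTDIR="${OUTDIR:-/var/captures}"      # assumed output directory
CAPTURE_SECONDS=432000                 # 5 days
ROTATE_SECONDS=3600                    # start a new file every hour

# Build a BPF capture filter that matches any packet to or from the listed
# hosts: "host A or host B or host C". A capture filter is applied before
# packets are written, so traffic for other hosts never reaches disk.
build_host_filter() {
    filter=""
    for ip in "$@"; do
        if [ -z "$filter" ]; then
            filter="host $ip"
        else
            filter="$filter or host $ip"
        fi
    done
    printf '%s\n' "$filter"
}

# Number of ring-buffer files needed to hold the whole capture window when
# a new file is started every ROTATE seconds. dumpcap's ring buffer
# overwrites the oldest file once the file limit is reached, so undersizing
# this value silently discards the beginning of the capture.
ring_files_for() {
    total="$1"; rotate="$2"
    echo $(( (total + rotate - 1) / rotate ))
}

# Print the dumpcap command line for the given hosts (one host per argument)
# so it can be reviewed before anything runs.
capture_command() {
    filter="$(build_host_filter "$@")"
    files="$(ring_files_for "$CAPTURE_SECONDS" "$ROTATE_SECONDS")"
    printf 'dumpcap -i %s -f "%s" -w %s/hosts.pcapng -b duration:%s -b files:%s -a duration:%s -q\n' \
        "$IFACE" "$filter" "$OUTDIR" "$ROTATE_SECONDS" "$files" "$CAPTURE_SECONDS"
}

# Actually run the capture. Only does something when dumpcap is installed and
# the caller invokes it explicitly; dumpcap needs capture privileges on the
# interface (root, or the wireshark group / cap_net_raw setup on Linux).
start_capture() {
    if ! command -v dumpcap >/dev/null 2>&1; then
        echo "dumpcap not found; install Wireshark first" >&2
        return 1
    fi
    mkdir -p "$OUTDIR"
    filter="$(build_host_filter "$@")"
    files="$(ring_files_for "$CAPTURE_SECONDS" "$ROTATE_SECONDS")"
    # -d compiles the capture filter for the interface and prints the BPF
    # program without capturing; a typo in the filter fails here rather than
    # five days into the capture.
    dumpcap -i "$IFACE" -f "$filter" -d >/dev/null || return 1
    exec dumpcap -i "$IFACE" -f "$filter" -w "$OUTDIR/hosts.pcapng" \
        -b duration:"$ROTATE_SECONDS" -b files:"$files" \
        -a duration:"$CAPTURE_SECONDS" -q
}

# Example addresses (RFC 5737 documentation ranges, constructed for this example).
capture_command 192.0.2.10 192.0.2.11 198.51.100.5
# To run for real: start_capture 192.0.2.10 192.0.2.11 198.51.100.5
```

With -b duration:3600 and -b files:120 the ring holds exactly 120 one-hour files, i.e. the full 5 days, and -a duration:432000 stops dumpcap when the window is over; run it under nohup, screen or a service unit so it survives the login session ending. If the capture box has less disk than five days of the three hosts' traffic, add -b filesize:<KB> and accept that the ring will drop the oldest file, or lower -s (the snaplen) to keep only headers.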

Hi,

That was very informative. However, would it be possible to sniff without being physically near the target machine? The methods outlined above would require one to be in close proximity to the hardware in question.

Thanks

(24 Aug '13, 10:57) igodspeed

You need to sniff something in the line-of-path of traffic to and from the target machines. Where exactly to do that depends on your network topology.

(24 Aug '13, 23:10) Quadratic