How to capture the information just for one IP ADDRESS? (T-SHARK)

Dears

I need to capture just the traffic from one ip address in a network (in/out)

I use this command in linux : tshark -i 3 -f "host x.x.x.x" -w test.pcap

I capture all the traffic when i used that command without the -f "host x.x.x.x"

Could you help me?

Thanks in advance.

ip.addr capture-filter tshark

asked 16 May '13, 11:21

pdrorp
11●1●1●3
accept rate: 0%

edited 16 May '13, 11:23

One Answer:

active answers oldest answers newest answers popular answers

As tshark -i 3 -f "host x.x.x.x" -w test.pcap is indeed the right syntax under normal circumstances, I assume this command is not working for you. As you are saying that with the filter you do see all traffic (including traffic to/from host x.x.x.x), there must be some form of encapsulation in your traffic.

Most likely your packets are vlan tagged, could you try the filter "vlan and host x.x.x.x"? If this does not work, could you capture all packets and then look in Wireshark at all the layers before the IP layer and tell us which protocols are listed before IP?

permanent link

answered 16 May '13, 11:34

SYN-bit ♦♦
17.1k●9●57●245
accept rate: 20%

Your answer

toggle preview

community wiki:

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

*italic* or _italic_
**bold** or __bold__
link:[text](http://url.com/ "title")
image?![alt text](/path/img.jpg "title")
numbered list: 1. Foo 2. Bar
to add a line break simply add two spaces to where you would like the new line to be.
basic HTML tags are also supported

learn more about Markdown

Question tags:

tshark ×832
capture-filter ×184
ip.addr ×3

question asked: 16 May '13, 11:21

question was seen: 12,857 times

last updated: 16 May '13, 11:34

How to capture the information just for one IP ADDRESS? (T-SHARK)

Follow this question

You have a trillion packets.

You need to see four of them.

Don't have Wireshark?

Related questions