This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

How can I filter activity that is just between a PC and server, or between two servers?

0

I'm brand new to Wireshark. I simply want to evaluate the network activity between one user's PC, and the application and data servers their session is communicating with. I have, or can get, the IP addresses for all.

asked 30 Oct '13, 13:14

Zorro


One Answer:

1

Display filter: ip.addr==192.168.1.1 && ip.addr==192.168.1.10

Capture filter: host 192.168.1.1 and host 192.168.1.10

...substituting the correct IP addresses, of course.

answered 30 Oct '13, 13:26

Jim Aragon

Just in case this is not clear: note that Wireshark will normally need to be run on one of the endpoints (e.g., the user PC) to be able to capture traffic between that endpoint and other nodes.

There certainly are ways to capture traffic between various nodes on a network from a 3rd node, but they are more complicated.

See:

CaptureSetup

(30 Oct '13, 13:55) Bill Meier ♦♦
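
An added example, not part of the original answer or comment: a Python helper that generalizes the two filters in the answer to one PC and several servers, as the question describes, and checks constructed address pairs against the same logic. The function names and sample addresses are assumptions made for illustration.

```python
import ipaddress

def _norm(addr):
    """Validate an address; return (IP version, canonical text)."""
    ip = ipaddress.ip_address(addr)  # raises ValueError on malformed input
    return ip.version, str(ip)

def build_filters(pc, servers):
    """Return (capture_filter, display_filter) for PC <-> any listed server."""
    version, pc_ip = _norm(pc)
    peers = [_norm(s) for s in servers]
    if not peers:
        raise ValueError("at least one server address is required")
    if any(v != version for v, _ in peers):
        raise ValueError("mixing IPv4 and IPv6 addresses is not supported here")
    field = "ip.addr" if version == 4 else "ipv6.addr"
    cap = " or ".join(f"host {p}" for _, p in peers)
    disp = " || ".join(f"{field}=={p}" for _, p in peers)
    if len(peers) > 1:  # parenthesize so "and"/"&&" applies to the whole group
        cap, disp = f"({cap})", f"({disp})"
    return f"host {pc_ip} and {cap}", f"{field}=={pc_ip} && {disp}"

def selected(src, dst, pc, servers):
    """Mirror the filter logic: the PC and a listed server are both endpoints."""
    ends = {_norm(src)[1], _norm(dst)[1]}
    return _norm(pc)[1] in ends and any(_norm(s)[1] in ends for s in servers)

# Constructed sample data (addresses are illustrative, not from a real capture).
PC = "192.168.1.1"
SERVERS = ["192.168.1.10", "192.168.1.20"]
PACKETS = [
    ("192.168.1.1", "192.168.1.10"),   # PC -> app server
    ("192.168.1.20", "192.168.1.1"),   # data server -> PC
    ("192.168.1.10", "192.168.1.20"),  # server <-> server, PC not involved
    ("192.168.1.1", "8.8.8.8"),        # PC -> unrelated host
]

if __name__ == "__main__":
    capture, display = build_filters(PC, SERVERS)
    print("capture filter:", capture)
    print("display filter:", display)
    for src, dst in PACKETS:
        print(src, "->", dst, "kept" if selected(src, dst, PC, SERVERS) else "dropped")
```

With a single server the output is identical to the two filters in the answer; for the server-to-server case, pass one server as `pc` and the other in `servers`.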