Hi There, I would like to capture "multiple host" tcp trace in wireshark. An Example, I am getting a request from ip host "a.b.c.d" on port 15900 (of my server). processing this request and forward request to host "w.x.y.z" and listing reply on port 15122 (of my server). Processing response from host "w.x.y.z" and reply back to host "a.b.c.d". My question is, how to capture these tcp trace in single live capture. I tried combination of or & and but no result. However when i run 2 live capture, one for host "a.b.c.d" and another for "w.x.y.z" its working well. please suggest. Thanks Vikash Kumar This question is marked "community wiki". asked 20 Nov '13, 21:54  VikashKumar |
One Answer:
Please try the following capture filter
If that does not work, because the ports are changing, try the following
and then use a display filter to find whatever you are interested in. Regards answered 21 Nov '13, 02:44  Kurt Knochner ♦ |
