This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Hi,

I want to capture packets going between a remote server in my VLAN and a remote subnet that is connected to the same core switch as my server. I also want to exclude any traffic coming from/to the server that I have Wireshark running on:

Wireshark is on server: 10.250.255.241

I want to capture traffic between: 10.250.255.77 and the 10.100.100.xxx network

I assumed that the capture filter would look like one of these:

host 10.250.255.77 and net 10.100.100.0/24

or

src net 10.100.100.100.0/24 and host 10.250.255.77

I'm also not sure how to exclude traffic from 10.250.255.241

The capture is not showing any traffic but there should be lots of traffic between that host and that network.

What am I doing wrong?

asked 08 Jun '15, 06:19

rdub15


This filter will capture bi-directional traffic between the server and network, while excluding the traffic from your Wireshark machine:

host 10.250.255.77 and net 10.100.100 and !(host 10.250.255.241)

answered 08 Jun '15, 07:35

Amato_C

Thanks, Amato_C. The filter you wrote looks like it should work, but it still isn't. Is there anything else I'm not taking into consideration? I'm not very familiar with Wireshark but I know that traffic is passing between that server and that subnet. The server is a fax server and the subnet is for the VOIP switches. We are using FOIP and I know that faxes are being sent and received. I'm very confused as to why I can't capture the packets...

(08 Jun '15, 08:45) rdub15

Let's start with the basics. Maybe your configuration is not correct to capture traffic. Please read the following Wiki: https://wiki.wireshark.org/CaptureSetup/Ethernet

I suspect you are capturing traffic on a switch port which has not been configured as a mirror port.

(08 Jun '15, 08:51) Amato_C
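
One way to test the mirror-port suspicion from the last comment, as an added example that is not part of the original thread: take the source/destination pairs from a capture made with no capture filter, check whether any unicast traffic between two other machines is visible, and model the answer's filter on the same pairs. The function names, the /24 mask for the server VLAN and the sample addresses are assumptions made for this sketch.

```python
import ipaddress

CAPTURE_HOST = ipaddress.ip_address("10.250.255.241")  # machine running Wireshark
FAX_SERVER = ipaddress.ip_address("10.250.255.77")
VOIP_NET = ipaddress.ip_network("10.100.100.0/24")
LOCAL_NET = ipaddress.ip_network("10.250.255.0/24")    # assumed mask, not given in the thread

def matches_filter(src, dst):
    """Model of: host 10.250.255.77 and net 10.100.100 and !(host 10.250.255.241)"""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    host_77 = FAX_SERVER in (s, d)              # 'host' matches source or destination
    net_voip = s in VOIP_NET or d in VOIP_NET   # 'net' matches source or destination
    not_241 = CAPTURE_HOST not in (s, d)
    return host_77 and net_voip and not_241

def is_foreign_unicast(src, dst):
    """Unicast between two other machines: normally only seen on a mirror port or tap."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    flooded = (d.is_multicast or d == LOCAL_NET.broadcast_address
               or d == ipaddress.ip_address("255.255.255.255"))
    return not flooded and CAPTURE_HOST not in (s, d)

def diagnose(packets):
    """packets: (src, dst) pairs taken from a capture made with NO capture filter."""
    foreign = sum(is_foreign_unicast(s, d) for s, d in packets)
    matched = sum(matches_filter(s, d) for s, d in packets)
    if foreign == 0:
        verdict = "port not mirrored: only own, broadcast and multicast traffic seen"
    elif matched == 0:
        verdict = "port mirrored, but no fax-server/VoIP traffic in this sample"
    else:
        verdict = "port mirrored: the filter would keep %d packet(s)" % matched
    return foreign, matched, verdict

# Constructed samples, not taken from a real capture.
UNMIRRORED = [
    ("10.250.255.241", "10.250.255.10"),
    ("10.250.255.10", "10.250.255.241"),
    ("10.250.255.77", "10.250.255.255"),
    ("10.250.255.1", "224.0.0.5"),
]
MIRRORED = UNMIRRORED + [
    ("10.250.255.77", "10.100.100.12"),
    ("10.100.100.12", "10.250.255.77"),
    ("10.250.255.77", "10.250.255.30"),
]

if __name__ == "__main__":
    for name, sample in (("unmirrored", UNMIRRORED), ("mirrored", MIRRORED)):
        print(name, diagnose(sample))
```

In the model, any packet that has 10.250.255.77 at one end and a 10.100.100.x address at the other cannot also involve 10.250.255.241, so the exclusion clause never changes the result of this particular filter.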