I want to capture packets going between a remote server in my VLAN and a remote subnet that is connected to the same core switch as my server. I also want to exclude any traffic coming from/to the server that I have Wireshark running on:
Wireshark is on server: 10.250.255.241
I want to capture traffic between: 10.250.255.77 and the 10.100.100.xxx network
I assumed that the capture filter would look like one of these:
host 10.250.255.77 and net 10.100.100.0/24
src net 10.100.100.100.0/24 and host 10.250.255.77
I'm also not sure how to exclude traffic from 10.250.255.241.
The capture is not showing any traffic but there should be lots of traffic between that host and that network.
What am I doing wrong?
asked 08 Jun '15, 06:19
This filter will capture bi-directional traffic between the server and network, while excluding the traffic from your Wireshark machine:
host 10.250.255.77 and net 10.100.100 and !(host 10.250.255.241)
answered 08 Jun '15, 07:35
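As an added example (not part of the original question or answer), the Python sketch below models how the pcap primitives in these filters evaluate over constructed (source, destination) pairs: host and net match either endpoint, while src net matches one direction only. The helper names and the sample addresses other than the three from the post are assumptions, and the second filter is written with the network as 10.100.100.0/24.

```python
import ipaddress

# Constructed sample packets as (src, dst); not taken from a real capture.
PACKETS = [
    ("10.250.255.77", "10.100.100.15"),   # server -> remote subnet
    ("10.100.100.15", "10.250.255.77"),   # remote subnet -> server
    ("10.250.255.241", "10.100.100.15"),  # capture machine -> remote subnet
    ("10.250.255.77", "10.250.255.241"),  # server -> capture machine
    ("10.250.255.77", "10.250.255.10"),   # server -> another host in its VLAN
]

def host(addr):
    """pcap 'host A': true when A is the source or the destination."""
    a = ipaddress.ip_address(addr)
    return lambda p: a in (ipaddress.ip_address(p[0]), ipaddress.ip_address(p[1]))

def net(cidr, direction="any"):
    """pcap 'net N' (either end), 'src net N' or 'dst net N'."""
    n = ipaddress.ip_network(cidr)
    def match(p):
        src, dst = (ipaddress.ip_address(x) in n for x in p)
        return {"any": src or dst, "src": src, "dst": dst}[direction]
    return match

def both(*preds):
    """pcap 'and': every primitive must match the packet."""
    return lambda p: all(f(p) for f in preds)

def negate(pred):
    """pcap '!' / 'not'."""
    return lambda p: not pred(p)

def select(pred, packets=PACKETS):
    return [p for p in packets if pred(p)]

# host 10.250.255.77 and net 10.100.100 and !(host 10.250.255.241)
# (a three-octet 'net' value implies a 255.255.255.0 mask)
ANSWER = both(host("10.250.255.77"), net("10.100.100.0/24"),
              negate(host("10.250.255.241")))
# src net 10.100.100.0/24 and host 10.250.255.77  (one direction only)
SRC_ONLY = both(net("10.100.100.0/24", "src"), host("10.250.255.77"))

if __name__ == "__main__":
    for name, f in (("answer", ANSWER), ("src-only", SRC_ONLY)):
        print(name, select(f))
```

On this sample the answer's filter selects the same packets with or without the final exclusion, because a packet already limited to 10.250.255.77 on one end and 10.100.100.0/24 on the other cannot have 10.250.255.241 as an endpoint.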