This is a static archive of our old Q&A Site. Please post any new questions and answers at

How to capture between remote server and remote network



I want to capture packets going between a remote server in my VLAN and a remote subnet that is connected to the same core switch as my server. I also want to exclude any traffic coming from/to the server that I have Wireshark running on:

Wireshark is on server:

I want to capture traffic between: and the network

I assumed that the capture filter would look like one of these:

host and net


src net and host

I'm also not sure how to exclude traffic from

The capture is not showing any traffic but there should be lots of traffic between that host and that network.

What am I doing wrong?

asked 08 Jun '15, 06:19

rdub15's gravatar image

accept rate: 0%

One Answer:


This filter will capture bi-directional traffic between the server and network, while excluding the traffic from your Wireshark machine:

host and net 10.100.100 and !(host

answered 08 Jun '15, 07:35

Amato_C's gravatar image

accept rate: 14%

Thanks, Amato_C. The filter you wrote looks like it should work, but it still isn't. Is there anything else I'm not taking into consideration? I'm not very familiar with Wireshark but I know that traffic is passing between that server and that subnet. The server is a fax server and the subnet is for the VOIP switches. We are using FOIP and I know that faxes are being sent and received. I'm very confused as to why I can't capture the packets...

(08 Jun '15, 08:45) rdub15

Let's start with the basics. Maybe your configuration is not correct to capture traffic. Please read the following Wiki:

I suspect you are capturing traffic on a switch port which has not been configured as a mirror port.

(08 Jun '15, 08:51) Amato_C