This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

In localnetwork 20 computers, my ip 192.168.0.77. Gateway address 192.168.0.1. I need to know who visits the site "http://abcdef.ua/ and intercept all data. Please help me set up Wireshark and filter interception.

asked 06 Jul '15, 04:09

cbrshark's gravatar image

cbrshark
6112
accept rate: 0%


The best way to capture the traffic:

  1. Configure the switch for port mirroring (aka SPAN) on the gateway's Ethernet interface to the switch. In case you do not have a managed switch, then refer to the link below on the Wireshark wiki regarding Ethernet capturing: https://wiki.wireshark.org/CaptureSetup/Ethernet
  2. In Wireshark, setup a capture option (Capture / Options) and create a capture filter: host www.abcdef.ua

This filter will capture traffic to and from the IP address associated with the website.

permanent link

answered 06 Jul '15, 05:55

Amato_C's gravatar image

Amato_C
1.1k142032
accept rate: 14%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×8
×3

question asked: 06 Jul '15, 04:09

question was seen: 3,212 times

last updated: 06 Jul '15, 05:55

p​o​w​e​r​e​d by O​S​Q​A