This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Wireshark intercept gateway in localnetwork.

0

In localnetwork 20 computers, my ip 192.168.0.77. Gateway address 192.168.0.1. I need to know who visits the site "http://abcdef.ua/ and intercept all data. Please help me set up Wireshark and filter interception.

asked 06 Jul '15, 04:09

cbrshark's gravatar image

cbrshark
6112
accept rate: 0%


One Answer:

0

The best way to capture the traffic:

  1. Configure the switch for port mirroring (aka SPAN) on the gateway's Ethernet interface to the switch. In case you do not have a managed switch, then refer to the link below on the Wireshark wiki regarding Ethernet capturing: https://wiki.wireshark.org/CaptureSetup/Ethernet
  2. In Wireshark, setup a capture option (Capture / Options) and create a capture filter: host www.abcdef.ua

This filter will capture traffic to and from the IP address associated with the website.

answered 06 Jul '15, 05:55

Amato_C's gravatar image

Amato_C
1.1k142032
accept rate: 14%