This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

How can I capture, on a switched network, unicast packets to a specific IP address ?

0

The network environment is a common star network with network switch (not hub). I need to capture the packets that to a specific IP address from anywhere (e.g. any PC to PC01) I've a computer that connected to a normal switch port (not management port) has wireshark installed (e.g. PC02)

What I need is use this PC02 to capture all traffic that the destination is PC01 and the source is from anywhere. How can I make it ?

asked 06 Oct '15, 20:47

DHL's gravatar image

DHL
6112
accept rate: 0%

edited 06 Oct '15, 23:12

Guy%20Harris's gravatar image

Guy Harris ♦♦
17.4k335196


One Answer:

0

If I were you, I would start here:
https://wiki.wireshark.org/CaptureSetup/Ethernet

answered 06 Oct '15, 21:18

Christian_R's gravatar image

Christian_R
1.8k2625
accept rate: 16%

hello Christian, I read that page before. And seems that the most feasible way is Switch + Monitor port. But not every switch has monitor port.

(06 Oct '15, 21:36) DHL

Yes, that is right. It is a special function of a switch. The alternative is to use a tap. For more precision you need a tap.

(06 Oct '15, 21:58) Christian_R