Hi all, I am remotely capturing packets from two different machines simultaneously, and was wondering if it is possible to either separate the two machines completely by their IP address, or if I need to somehow run two instances of Wireshark at the same time? Sorry for the newbie questions, I have been looking through the user guide but can't seem to find anything about this. Or maybe I'm not phrasing my question very well. Thanks in advance.

asked 27 Oct '15, 09:51 MWMWMW
One Answer:
You can do either/both. If you run a single Wireshark instance and capture traffic to/from both machines, you can use Wireshark display filters to display traffic to/from only 1 of the machines, and you can even save those packets matching the filter to a separate file. If you prefer, you can instead launch 2 Wireshark instances with each one capturing traffic only to/from a particular machine using an appropriate capture filter. Use whichever method best meets your needs.

answered 27 Oct '15, 11:03 cmaynard ♦♦
Great, thank you very much for the help
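
The first option in the answer, filtering one capture by host and saving each host's packets to its own file, shown as an added Python example (not part of the original thread, and not Wireshark's own code). It applies the same test as the display filter `ip.addr == <host>` to a classic pcap file with Ethernet framing; the host addresses and the sample capture are constructed.

```python
import socket
import struct

HOST_A, HOST_B = "192.0.2.10", "192.0.2.20"  # constructed addresses (assumption)

def split_pcap_by_host(pcap, hosts):
    """Return {host: pcap bytes} with only the frames to or from each host."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if endian is None:
        raise ValueError("expected a classic pcap file (pcapng is not handled)")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet captures (link type 1) are handled")
    out = {h: bytearray(pcap[:24]) for h in hosts}  # every output keeps the header
    pos = 24
    while pos + 16 <= len(pcap):
        incl_len = struct.unpack(endian + "I", pcap[pos + 8:pos + 12])[0]
        record = pcap[pos:pos + 16 + incl_len]
        if len(record) < 16 + incl_len:
            break  # capture was cut off mid-packet
        pos += len(record)
        frame = record[16:]
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # not untagged IPv4; such frames are skipped here
        src = socket.inet_ntoa(frame[26:30])
        dst = socket.inet_ntoa(frame[30:34])
        for h in hosts:
            if h in (src, dst):  # same test as the display filter ip.addr == h
                out[h] += record
    return {h: bytes(b) for h, b in out.items()}

def make_pcap(pairs):
    """Constructed little-endian pcap: one empty Ethernet/IPv4 frame per (src, dst)."""
    data = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, (src, dst) in enumerate(pairs):
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
        frame = b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00" + ip
        data += struct.pack("<IIII", i, 0, len(frame), len(frame)) + frame
    return data

SAMPLE = make_pcap([(HOST_A, "198.51.100.5"), (HOST_B, "198.51.100.5"),
                    ("198.51.100.5", HOST_A), ("203.0.113.9", "198.51.100.5")])

if __name__ == "__main__":
    for host, data in split_pcap_by_host(SAMPLE, [HOST_A, HOST_B]).items():
        print(host, len(data), "bytes")
```

The second option in the answer does the selection at capture time instead, with a capture filter such as `host 192.0.2.10` in each Wireshark instance, so packets for the other machine are never written.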