This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Windows 10 Capture

0

Okay, I'm using Wireshark for the first time and I need it for my thesis, so I wanted to ask if there is a possibility to use a filter for Windows so I can see all connections from Windows to Windows.

asked 22 Dec '15, 23:40

plonerich
accept rate: 0%

What do you mean by "windows to windows"? Wireshark has filters for network protocols and endpoints, not host OSs.

(24 Dec '15, 07:44) grahamb ♦

One Answer:

0

It is not possible to see only the traffic from Windows to Windows because there are no filters in Wireshark for OSes, but if you are capturing from a live wire and you are allowed to scan the network, you can use nmap first to find out the IP addresses of all Windows hosts and then use a capture filter to capture traffic for only Windows endpoints.

With nmap you can find the OS of the machine by using the following command:

nmap -v -O --osscan-guess 192.168.1.0/24

Then you can use the capture or display filters to display the traffic of Windows endpoints.

Sorry for my bad English.

answered 24 Dec '15, 10:36

Muhammad Irshad
accept rate: 0%
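
The procedure in the answer above, as an added example that is not part of the original post: it parses saved normal-format output of the nmap command shown and builds a capture filter that matches only traffic where both endpoints were identified as Windows. The function names and the sample scan output are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample of `nmap -v -O --osscan-guess` normal output (not real scan data).
SAMPLE_NMAP_OUTPUT = """\
Nmap scan report for 192.168.1.1
Host is up (0.0011s latency).
Running: Linux 3.X|4.X
OS details: Linux 3.2 - 4.9
Nmap scan report for pc-lab1.example (192.168.1.20)
Host is up (0.0008s latency).
Running: Microsoft Windows 10
OS details: Microsoft Windows 10 1507
Nmap scan report for 192.168.1.21 [host down]
Nmap scan report for 192.168.1.35
Host is up (0.0009s latency).
Running (JUST GUESSING): Microsoft Windows 7|2008 (92%), Linux 2.6.X (85%)
Aggressive OS guesses: Microsoft Windows 7 SP1 (92%), Linux 2.6.32 (85%)
"""

REPORT_RE = re.compile(r"^Nmap scan report for (?:\S+ \()?([0-9.]+)\)?")
OS_LINE_RE = re.compile(r"^(?:Running(?: \(JUST GUESSING\))?|OS details|Aggressive OS guesses): (.+)$")

def windows_hosts(nmap_text):
    """Return sorted IPv4 addresses whose first (best) OS match is Windows."""
    hosts, current, decided = set(), None, False
    for line in nmap_text.splitlines():
        m = REPORT_RE.match(line)
        if m:  # a new host section starts; forget the previous host's state
            current, decided = m.group(1), False
            continue
        m = OS_LINE_RE.match(line)
        if m and current and not decided:
            decided = True  # only the first OS line per host counts
            if "windows" in m.group(1).split(",")[0].lower():
                hosts.add(ipaddress.ip_address(current))
    return [str(h) for h in sorted(hosts)]

def capture_filter(hosts):
    """BPF capture filter: source AND destination must both be in the host list."""
    if len(hosts) < 2:
        raise ValueError("need at least two Windows hosts for host-to-host traffic")
    src = " or ".join(f"src host {h}" for h in hosts)
    dst = " or ".join(f"dst host {h}" for h in hosts)
    return f"({src}) and ({dst})"

if __name__ == "__main__":
    print(capture_filter(windows_hosts(SAMPLE_NMAP_OUTPUT)))
```

nmap's OS detection is a fingerprint-based guess, so review the resulting host list before relying on the filter.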