Team, I'm a newbie to Wireshark, can someone tell me how to capture packets between two IP addresses from a different host? Example: I'm using a Mac and want to capture packets from two remote Windows PCs between those two Windows PCs while not including any data from my Mac. Thanks

asked 09 May '16, 13:09 Technolust
One Answer:
OK, that could be difficult if not impossible, depending on what the machines are plugged into.

Ethernet was originally a passive network, and every host on the network could, if its adapter was in promiscuous mode, see all the traffic sent on the network, including traffic sent neither to nor from that host. However, modern Ethernets tend to be switched networks, and the switch usually only sends to a host the traffic it thinks is intended for the host to see - either broadcast traffic, multicast traffic, or traffic sent to that host.

See the Wireshark Wiki article on Ethernet capture for details on this and on how to try to overcome those problems with switched networks.

If you manage to set up the network in that fashion, then you will want to 1) make sure you're capturing in promiscuous mode and 2) use a capture filter such as "host A and B", where "A" and "B" are the IP addresses of the two hosts whose traffic you're trying to capture.

answered 09 May '16, 13:33 Guy Harris ♦♦
edited 09 May '16, 13:33

I had a feeling that was going to be the case, thank you for your response. Well clarifying things up. (10 May '16, 07:41) Technolust
Is this on a wired network (such as an Ethernet) or a Wi-Fi network?
This is on a wired network and using Wireshark 2.0.3
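
What the capture filter from the answer keeps and drops, as an added example that is not part of the original thread: the script builds a small classic-pcap buffer and keeps only packets whose two endpoints are A and B, which is what a filter of the form "host A and host B" selects. The addresses, the sample frames and all function names are constructed for illustration.

```python
import ipaddress
import struct

def make_frame(src, dst):
    """Constructed sample: minimal Ethernet II + IPv4 header, no payload."""
    eth = b"\x02" * 6 + b"\x04" * 6 + struct.pack("!H", 0x0800)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                     ipaddress.IPv4Address(src).packed,
                     ipaddress.IPv4Address(dst).packed)
    return eth + ip

def make_pcap(frames):
    """Wrap frames in the classic little-endian libpcap file format."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # 1 = Ethernet
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", i, 0, len(f), len(f)) + f
    return out

def read_pcap(data):
    """Yield raw frames from a little-endian classic pcap buffer."""
    magic, = struct.unpack_from("<I", data, 0)
    if magic != 0xA1B2C3D4:
        raise ValueError("not a little-endian classic pcap file")
    off = 24  # size of the global header
    while off + 16 <= len(data):
        _, _, incl, _ = struct.unpack_from("<IIII", data, off)
        off += 16
        yield data[off:off + incl]
        off += incl

def endpoints(frame):
    """Return (src, dst) IPv4 addresses as strings, or None for non-IPv4 frames."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    return (str(ipaddress.IPv4Address(frame[26:30])),
            str(ipaddress.IPv4Address(frame[30:34])))

def between(data, a, b):
    """Keep only packets whose endpoints are exactly a and b, in either direction."""
    eps = (endpoints(f) for f in read_pcap(data))
    return [ep for ep in eps if ep and set(ep) == {a, b}]

# Constructed addresses: A and B are the two Windows PCs, MAC is the capturing Mac.
A, B, MAC = "192.0.2.10", "192.0.2.20", "192.0.2.99"
SAMPLE = make_pcap([make_frame(A, B), make_frame(MAC, A), make_frame(B, A),
                    make_frame(B, MAC), make_frame(A, "198.51.100.7")])

if __name__ == "__main__":
    print(between(SAMPLE, A, B))
```

Traffic that involves the Mac or any third host is dropped even though A or B is one endpoint; the filter only helps once the capturing interface actually receives the A-to-B frames, which on a switched network is the hard part the answer describes.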