This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Capture between two IP addresses


Team

I'm a newbie to Wireshark. Can someone tell me how to capture packets between two IP addresses from a different host?

Example: I'm using a Mac and want to capture packets from two remote Windows PCs, between those two Windows PCs, while not including any data from my Mac.

Thanks

Technolust

asked 09 May '16, 13:09

Technolust

Is this on a wired network (such as an Ethernet) or a Wi-Fi network?

(09 May '16, 13:24) Guy Harris ♦♦

This is on a wired network and using Wireshark 2.0.3

(09 May '16, 13:25) Technolust

One Answer:


This is on a wired network

OK, that could be difficult if not impossible, depending on what the machines are plugged into.

Ethernet was originally a passive network, and every host on the network could, if its adapter was in promiscuous mode, see all the traffic sent on the network, including traffic sent neither to nor from that host.

However, modern Ethernets tend to be switched networks, and the switch usually only sends to a host the traffic it thinks is intended for the host to see - either broadcast traffic, multicast traffic, or traffic sent to that host.

See the Wireshark Wiki article on Ethernet capture for details on this and on how to try to overcome those problems with switched networks.

If you manage to set up the network in that fashion, then you will want to 1) make sure you're capturing in promiscuous mode and 2) use a capture filter such as "host A and B", where "A" and "B" are the IP addresses of the two hosts whose traffic you're trying to capture.

answered 09 May '16, 13:33

Guy Harris ♦♦

edited 09 May '16, 13:33

I had a feeling that was going to be the case, thank you for your response. Well clarifying things up.

(10 May '16, 07:41) Technolust
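
Added example, not part of the original thread: a Python sketch that builds the answer's capture filter in its explicit form ("host A and host B") and then checks a saved capture for packets that are not between the two hosts, such as traffic from the capturing machine. The addresses, function names and sample capture are constructed for illustration; only Ethernet/IPv4 frames in a classic microsecond-format pcap file are handled.

```python
import ipaddress
import struct

def capture_filter(a, b):
    """Return the libpcap capture filter for traffic between hosts a and b."""
    # ip_address() raises ValueError for anything that is not a bare IP address,
    # so stray filter syntax cannot ride along in an argument.
    return f"host {ipaddress.ip_address(a)} and host {ipaddress.ip_address(b)}"

def ipv4_pairs(pcap):
    """Yield (src, dst) for every Ethernet/IPv4 record in a classic pcap file."""
    endian = "<" if struct.unpack("<I", pcap[:4])[0] == 0xA1B2C3D4 else ">"
    offset = 24                                    # skip the global header
    while offset + 16 <= len(pcap):
        incl_len = struct.unpack(endian + "I", pcap[offset + 8:offset + 12])[0]
        frame = pcap[offset + 16:offset + 16 + incl_len]
        offset += 16 + incl_len
        if len(frame) >= 34 and frame[12:14] == b"\x08\x00":   # EtherType IPv4
            yield (str(ipaddress.ip_address(frame[26:30])),
                   str(ipaddress.ip_address(frame[30:34])))

def unexpected_pairs(pcap, a, b):
    """Return the (src, dst) pairs in the capture that are not a<->b traffic."""
    wanted = {str(ipaddress.ip_address(a)), str(ipaddress.ip_address(b))}
    return [pair for pair in ipv4_pairs(pcap) if set(pair) != wanted]

def build_sample(pairs):
    """Constructed input: little-endian pcap holding one bare IPv4 header per pair."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # 1 = Ethernet
    for src, dst in pairs:
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                         ipaddress.ip_address(src).packed,
                         ipaddress.ip_address(dst).packed)
        frame = bytes(12) + b"\x08\x00" + ip
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out

if __name__ == "__main__":
    A, B, MAC = "192.0.2.10", "192.0.2.20", "192.0.2.99"   # constructed addresses
    print(capture_filter(A, B))   # paste into Wireshark's capture filter field
    sample = build_sample([(A, B), (B, A), (MAC, A)])
    print(unexpected_pairs(sample, A, B))
```

An empty list from `unexpected_pairs` on a real capture means the filter kept only traffic between the two hosts; a capture with no matching packets at all usually means the switch is not forwarding that traffic to the capturing port.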