Solved

Wireshark: View only Host Sent

Posted on 2012-03-26
4
489 Views
Last Modified: 2012-06-27
I'm using wireshark for some projects.

How do I filter to view only packets SENT by my host computer?
0
Comment
Question by:Pancake_Effect
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 29

Expert Comment

by:Jan Springer
ID: 37768575
tshark host 1.2.3.4 port XX

  for transactions originating from IP 1.2.3.4 port XX

or

tshark -V host 1.2.3.4 port XX
 
   for detail of the same
0
 
LVL 17

Accepted Solution

by:
jburgaard earned 500 total points
ID: 37768817
You have more options.
Asume you are on 192.168.1.4 with MAC-addr=00:1a:4b:f9:fe:d3
If you already have the captue, you can view trafic with source  filter like:
eth.src==00:1a:4b:f9:fe:d3   at ethernet level or at IP-level filter like:
ip.src==192.168.1.4

At capture time you can also from within Wireshark under Capture-options-'capture filter' use:
ether host 00:1a:4b:f9:fe:d3    or
host  192.168.1.4

HTH
0
 
LVL 4

Author Comment

by:Pancake_Effect
ID: 37769191
When I use something like host  192.168.1.4, it shows the receiving packets too.

I have a Ip address for example: 192.168.0.5

How do I make it ONLY show packets it's sending out. I want to see all traffic (not just certain ports or protocols)
0
 
LVL 4

Author Closing Comment

by:Pancake_Effect
ID: 37769304
Never mind, I looked at your answer closer and found the one that I needed!

It was the ip.src==192.168.1.4

Thanks so much!
0

Featured Post

Online Training Solution

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action. Forget about retraining and skyrocket knowledge retention rates.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I was at a customer and we recently set up a new DNS Server.  I asked him to ensure that all servers pointed to the new server.  140 remote servers – estimated 6 days of work to do this manually. Ever had this experience and just need to get the …
Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question