Solved

Wireshark: View only Host Sent

Posted on 2012-03-26
4
467 Views
Last Modified: 2012-06-27
I'm using wireshark for some projects.

How do I filter to view only packets SENT by my host computer?
0
Comment
Question by:Pancake_Effect
  • 2
4 Comments
 
LVL 28

Expert Comment

by:Jan Springer
ID: 37768575
tshark host 1.2.3.4 port XX

  for transactions originating from IP 1.2.3.4 port XX

or

tshark -V host 1.2.3.4 port XX
 
   for detail of the same
0
 
LVL 17

Accepted Solution

by:
jburgaard earned 500 total points
ID: 37768817
You have more options.
Asume you are on 192.168.1.4 with MAC-addr=00:1a:4b:f9:fe:d3
If you already have the captue, you can view trafic with source  filter like:
eth.src==00:1a:4b:f9:fe:d3   at ethernet level or at IP-level filter like:
ip.src==192.168.1.4

At capture time you can also from within Wireshark under Capture-options-'capture filter' use:
ether host 00:1a:4b:f9:fe:d3    or
host  192.168.1.4

HTH
0
 
LVL 4

Author Comment

by:Pancake_Effect
ID: 37769191
When I use something like host  192.168.1.4, it shows the receiving packets too.

I have a Ip address for example: 192.168.0.5

How do I make it ONLY show packets it's sending out. I want to see all traffic (not just certain ports or protocols)
0
 
LVL 4

Author Closing Comment

by:Pancake_Effect
ID: 37769304
Never mind, I looked at your answer closer and found the one that I needed!

It was the ip.src==192.168.1.4

Thanks so much!
0

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
restore testing exchange 1 47
CDC audit 17 86
Monitoring Software: Which is best? 9 73
Read-only SNMP string example ? 7 34
So, you're experiencing issues on your network and you've decided that you need to perform some tests to determine whether your cabling is good.  You're likely thinking that you may need to spend money which you probably don't have on hiring/purchas…
The use of stolen credentials is a hot commodity this year allowing threat actors to move laterally within the network in order to avoid breach detection.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now