Goraps

Wireshark - Packet capture on a single IP

I have a laptop with Wireshark 1.10.1 running in my server room, attached to the switch where the system I want to packet sniff is connected. How do I set up Wireshark just to sniff what is coming out of 1 single IP address? Please advise.

Regards,

GoRaps

dipopo

Your question sounds odd: "WireShark just to sniff what is coming out of 1 single IP address? Please advise".

I'm guessing you meant 1 interface/port, which Wireshark can do and filter for your specific IP. Be sure to install WinPcap.

Also, have you set up a SPAN port to mirror everything to the port you are connected to?

http://www.cisco.com/en/US/docs/switches/lan/catalyst2940/software/release/12.1_19_ea1/configuration/guide/swspan.html
Goraps

ASKER

Sorry yes... I want to capture what is coming out of 1 interface. By default is it capturing all DATA?
dipopo

Yes, all data will be captured as WinPcap will put the interface into promiscuous mode and accept all. You can then filter for specific IP, protocols or other.
Goraps

ASKER

Is that data easily readable or do I need something else to make this happen?
dipopo

It's readily human readable.
Qlemo

You should have a capture filter example in Wireshark for filtering for a specific IP address, so it should be very easy for you to set it up (the example is called "IP address", the capture filter expression is "host 192.168.141.22" - replace the IP address with the one you want to monitor).
In Wireshark you need to differentiate between display filters - those can be set on the fly while capturing, and have a different syntax, but do not restrict the data captured, only what you see at the moment - and capture filters, which will exclude anything from being captured which does not fit into the filter, reducing the amount of data.
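
The capture-filter versus display-filter distinction from the answer above, as an added example that is not part of the original thread: it builds both filter syntaxes for one address and direction ("out" gives only what the host sends) and the matching tshark command lines. The function names, the interface index `1` and the file name `host22.pcapng` are assumptions for illustration, and IPv6 handling goes beyond the IPv4 case discussed here.

```python
import ipaddress
import shlex

# BPF capture-filter qualifiers and Wireshark display-filter field suffixes,
# keyed by traffic direction relative to the monitored address.
_DIRECTIONS = {
    "both": ("host", "addr"),     # traffic to or from the address
    "out": ("src host", "src"),   # only packets sent by the address
    "in": ("dst host", "dst"),    # only packets sent to the address
}


def build_filters(address, direction="out"):
    """Return (capture_filter, display_filter) for one IP address."""
    # Strict parsing rejects anything that is not a bare address, so stray
    # filter syntax cannot end up inside the expression.
    ip = ipaddress.ip_address(address)  # raises ValueError on bad input
    if direction not in _DIRECTIONS:
        raise ValueError(f"direction must be one of {sorted(_DIRECTIONS)}")
    bpf_qualifier, field = _DIRECTIONS[direction]
    proto = "ip" if ip.version == 4 else "ipv6"
    return f"{bpf_qualifier} {ip}", f"{proto}.{field} == {ip}"


def capture_command(interface, address, direction, outfile):
    """tshark argv that records only matching packets (-f = capture filter)."""
    capture_filter, _ = build_filters(address, direction)
    return ["tshark", "-i", str(interface), "-f", capture_filter, "-w", outfile]


def display_command(infile, address, direction):
    """tshark argv that reads a saved capture and shows only matching
    packets (-Y = display filter); the file itself is left unchanged."""
    _, display_filter = build_filters(address, direction)
    return ["tshark", "-r", infile, "-Y", display_filter]


if __name__ == "__main__":
    # 192.168.141.22 is the sample address from the answer above; the
    # interface index and file name are assumptions (hypothetical values).
    for cmd in (capture_command(1, "192.168.141.22", "out", "host22.pcapng"),
                display_command("host22.pcapng", "192.168.141.22", "out")):
        print(shlex.join(cmd))
```

The two filter strings returned by `build_filters` can also be pasted into the Wireshark capture options dialog and the display filter bar respectively.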
ASKER CERTIFIED SOLUTION
Darr247