Wireshark · Ethereal-users: Re: [Ethereal-users] Capture by IP Address

Ethereal-users: Re: [Ethereal-users] Capture by IP Address

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <gharris@xxxxxxxxx>

Date: Sun, 9 Mar 2003 16:25:07 -0800

On Sun, Mar 09, 2003 at 06:08:30PM -0500, James Fields wrote:
> For a capture filter (i.e. only capture packets that match this filter):
> 
> host 192.168.0.1
> 
> That should work regardless of whether that IP address is the source
> or destination in the packet. 

And if you want to check only the source address, try

	src host 192.168.0.1

The capture filter syntax is described in the tcpdump/WinDump manual for
the version of tcpdump/WinDump that goes with whatever version of
libpcap/WinPcap you have installed; for WinPcap 2.3, that's

	http://windump.polito.it/docs/manual.htm

Look for the

	expression 
	     selects which packets will be dumped.  If no expression is
	     given, all packets on the net will be dumped.  Otherwise,
	     only packets for which expression is `true' will be dumped.

			...

section.

References:
- [Ethereal-users] Capture by IP Address
  - From: Neil Dupres
- Re: [Ethereal-users] Capture by IP Address
  - From: James Fields

Prev by Date: Re: [Ethereal-users] Capture by IP Address
Next by Date: Re: [Ethereal-users] Is packet sent out already?
Previous by thread: Re: [Ethereal-users] Capture by IP Address
Next by thread: [Ethereal-users] Ethereal-users digest, Vol 1 #1108 - 8 msgs
Index(es):
- Date
- Thread