> > 'Help' -> 'Capture filters'. Assuming you're running 0.10.7.
>
> I've had a look at this. But it seems to be based on external
> networks. The problem is that the destination IP in the header will be
> my external IP but I don't want to filter it by my external IP because
> that will find everything. I want to filter it by the IP it will head
> to on my local network.
>
> Darrell
>
If I understand it correctly, that means that your Linux box is doing NAT or is an application gateway -e.g. a HTPP proxy-. If it is doing it correctly, there is nothing in the external packet that identifies the internal box; so it is not possible to filter the way you want - the information simply is not there-. Possible alternatives might be:
- configure your NAT functionality to use specific ports for each internal machine
- monitor in the internal interface -i.e. the one in your Linux box where it receives the traffic from the internal box, before translation
Regards,
Francisco