Wireshark-users: Re: [Wireshark-users] Capture Filter

From: "Ryan Zuidema" <Ryan.Zuidema@xxxxxxxxxxx>
Date: Tue, 14 Oct 2008 12:42:26 -0700

Hi Michael, there can be many reasons you aren’t seeing what you expect. In order of importance:

 

First: wireshark will only capture what it sees on the wire. Make sure your capturing on a hub, or mirrored/span/monitor port on the switch.

 

Second: Be sure to check the “capture in promiscuous mode” otherwise it will drop everything except what’s to/from your station.

 

Third: What capture filter string are you using? If you don’t filter at all do you get the intended traffic?

 

 

From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Michael Condon
Sent: 2008-10-14 12:32
To: wireshark-users@xxxxxxxxxxxxx
Subject: [Wireshark-users] Capture Filter

 

I am pretty sure that I have my capture filter set right - but obviously not. I want to capture all traffic to a particular IP address. However, it is only capturing traffic (such as an ICMP request) between my machine and that IP.  How can I open this up to all source/dst traffic