I need to filter some traffic (before capturing it) using the pcap / winpcap filter but this traffic comes from some different subnet ( different from my eth interface subnet ).
So if I apply a filter the pcap show me the packet that can lookup on my eth interface only ...
How can I get the filtered traffic that comes from "everywhere" (0.0.0.0/0) ?
I need to filter the data traffic before sending it to whireshark because I only need to check the DNS and SIP traffic for a long time ( may be for more than 1 week )... so I don't want to store Gbyte and Gbyte of not helpful data on my pc.....
Have you any suggestion ?
Marco
