Ethereal-users: Re: [Ethereal-users] using ethereal between 2 pcs only

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Alexandre Rafalovitch <arafalov@xxxxxxxxx>
Date: Sat, 26 Mar 2005 08:04:03 -0500
Bunty,

Actually, what you are asking seems to be a functionality so basic
that the documentation should have answered your question. At least
I, for one, have trouble figuring out exactly which step you have
problems with.

Let's try it step by step.

If you just do the capture (non-promiscuous mode), does your traffic
show up? I understand that you will get all the broadcast as well.
If it does, try filtering so that only it shows. Find the instance of
your traffic packet, find the field you are interested in and
right-click on it.

You should then be able to 'prepare filter' by that field. The
expression should appear in the text field in upper left with
apply/clear buttons near it. I am not sure of the exact expression that
it will create for MAC IDs, but for TCP addresses, you often need to modify
tcp.source == x.y.z.k to tcp.addr==x.y.z.k to ensure you get the
traffic in both directions.

Once you apply the filter, the rest of the traffic should be hidden.
Play around with making the filters and clearing the filters until you
get what you want. You may want to check expression builder if you
need field names.

This will get you the display filters, the capture will still have all
of the traffic. If you want to capture only the relevant traffic, you
need capture filters instead. At this point, the capture filters use
similar but different syntax. You can use capture filter expression
builder to make that one work, but I do suggest using display filters
first to learn your way around the field and values.

Hopefully this description covers what you need. If it does not or if
you have problems along the way, please try to be more specific in
your email. You could say 'I did _this step_ and got _that result_. I
was expecting instead to see _something else_'. This way it is clear
what you want and what you got instead.

Good luck,
    Alex.

On 26 Mar 2005 07:15:26 -0000, bunty <bunty123_4@xxxxxxxxxxxxxx> wrote:
>  Hello all,
>              Is what I am asking not possible??
>  Please answer my question.
>  Thanking you.
>  regards,
>  bunty.
>  
>  On Fri, 25 Mar 2005 bunty  wrote :
> 
>  >
>  >Hello all,
>  >          This is my first post to this list. I want to use ethereal in
> between 2 pcs which are on LAN. Also I don't want to receive broadcast
> message. Only I want ethereal to capture traffic on my 2 pc's MAC addresses.
> Not to display traffic other than these 2 Ethernet MAC IDs.
>  >
>  >regards,
>  >bunty.
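
Added example, not part of the original thread: a small Python model of how a source-only MAC filter (display filter eth.src == X, capture filter "ether src X") differs from a two-host filter (eth.addr == A && eth.addr == B, capture filter "ether host A and ether host B"), which keeps both directions between the two PCs and drops broadcasts. The MAC addresses, frames and function names are constructed for illustration.

```python
import struct

def to_bytes(mac):
    return bytes(int(part, 16) for part in mac.split(":"))

def frame(dst, src, ethertype=0x0800):
    # Constructed Ethernet II frame: dst(6) + src(6) + ethertype(2) + padding
    return to_bytes(dst) + to_bytes(src) + struct.pack("!H", ethertype) + bytes(46)

def eth_addrs(raw):
    """Return (dst, src) as lowercase colon-separated strings."""
    if len(raw) < 14:
        raise ValueError("truncated Ethernet header")
    fmt = lambda b: ":".join(f"{x:02x}" for x in b)
    return fmt(raw[0:6]), fmt(raw[6:12])

def match_src(raw, a):
    """Models eth.src == a (display) / ether src a (capture)."""
    return eth_addrs(raw)[1] == a.lower()

def match_pair(raw, a, b):
    """Models eth.addr == a && eth.addr == b / ether host a and ether host b."""
    addrs = eth_addrs(raw)
    return a.lower() in addrs and b.lower() in addrs

def select(frames, pred):
    """Indices of the frames the predicate keeps."""
    return [i for i, f in enumerate(frames) if pred(f)]

# Constructed sample traffic (hypothetical MAC addresses)
PC1, PC2, PC3 = "00:11:22:33:44:01", "00:11:22:33:44:02", "00:11:22:33:44:03"
BCAST = "ff:ff:ff:ff:ff:ff"
FRAMES = [
    frame(PC2, PC1),            # 0: PC1 -> PC2
    frame(PC1, PC2),            # 1: PC2 -> PC1 (the reply direction)
    frame(BCAST, PC1, 0x0806),  # 2: ARP broadcast sent by PC1
    frame(PC1, PC3),            # 3: unrelated host talking to PC1
    frame(BCAST, PC3, 0x0806),  # 4: ARP broadcast sent by PC3
]

if __name__ == "__main__":
    # Source-only filter: misses the reply and lets PC1's broadcast through
    print("src only :", select(FRAMES, lambda f: match_src(f, PC1)))
    # Two-host filter: both directions between PC1 and PC2, nothing else
    print("pair     :", select(FRAMES, lambda f: match_pair(f, PC1, PC2)))
```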