Wireshark-users: Re: [Wireshark-users] Filtering Network address
From: "Muhammad Ghazali" <muhammad.ghazali@xxxxxxxxx>
Date: Tue, 20 Feb 2007 09:46:38 +0700
On 2/20/07, Stephen Fisher <stephentfisher@xxxxxxxxx> wrote:
On Tue, Feb 20, 2007 at 08:20:43AM +0700, Muhammad Ghazali wrote:

> How can filter to capture only packet coming and going to 1.1.1.1?

Using the display filter near the top of the Wireshark window, type in:

  ip.addr == 1.1.1.1

Ok I tried host 1.1.1.1 as Guy suggested, and it works.

> I want to measure the response time of a web application and the smtp
> server from a branch office, what is the best way to do it?

There are built-in functions for measuring response time for some
protocols (Statistics->Response Time), but unfortunately none for SMTP
or HTTP.  I can't think of another way off hand other than manually
looking at the packet list.

Can you tell me the trick how to measure the response time of the web
application and the smtp response by manually looking at the packet?

How can I follow a trace of a conversation? (From the Syn request
until the end of the transaction). Example of the conversation is a
login process to a web application.

I like the graphical statistic, how can I convert wireshark format
into Sniffer Pro 475 one? I once converted an ethereal to sniffer
format and it worked. But I've just tried the conversion (by  means of
the save menu) from wireshark with no success.

Thanks