Wireshark-users: Re: [Wireshark-users] Secured way of using Wireshark
Date Index · Thread Index · Other Months · All Mailing Lists
Date Prev · Date Next · Thread Prev · Thread Next
From: "Maynard, Chris" <Christopher.Maynard@xxxxxxxxx>
Date: Wed, 16 Jun 2010 01:01:08 -0400
I was confused by the question too, but if I focus only on the question asked, namely, "Is there a way to capture packets from/to a selected list of IP address on a LAN?", then the answer is yes. 
 
First you must set things up so the machine doing the capturing has access to the packets of interest.  This may involve adding a hub, enabling port mirroring on a switch, etc.  See http://wiki.wireshark.org/CaptureSetup for more information.
 
And second, you must use an appropriate capture filter.  For example, if you want to capture all packets sent from/to 2 hosts (assume IP addresses IP1 and IP2), to any other host then you might use the following capture filter to accomplish this: "host IP1 or host IP2".  If you only want to see packets sent between those 2 hosts, then you would use, "host IP1 and host IP2".  See http://wiki.wireshark.org/CaptureFilters for more information on capture filters.
 
Now if you want to "restrict the packet capturing to a set of machines ...", then that's a different problem to solve.
 
- Chris
 
From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Martin Visser
Sent: Tuesday, June 15, 2010 8:57 PM
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] Secured way of using Wireshark

Nag,

I'm not sure what you mean by your question. Capturing packets is for the most part passive, in that you are saving packets to a file for viewing. Wireshark does not propagate packets to the rest of the network, no matter how virus laden they are. (Certainly as long as those packets are not specially crafted to maybe exploit a vulnerability in wireshark itself, which while it ihas been done, is very very rarely actually seen in the wild).

Regards, Martin

MartinVisser99@xxxxxxxxx


On Tue, Jun 15, 2010 at 6:55 PM, Nagendrababu Maseedu <Nagendra.Babu.Maseedu@xxxxxxxxxxxxx> wrote:

Hi,

 

Is there a way to capture packets from/to a selected list of IP address on a LAN?

The need is to restrict the packet capturing to a set of machines so that security breach does not happen on other machines on the same network.

 

Please let me know if you have any other mechanism to satisfy this need.

 

 

Kind regards,

Nag.


NOTICE: The information contained in this electronic mail transmission is intended by Convergys Corporation for the use of the named individual or entity to which it is directed and may contain information that is privileged or otherwise confidential. If you have received this electronic mail transmission in error, please delete it from your system without copying or forwarding it, and notify the sender of the error by reply email or by telephone (collect), so that the sender's address records can be corrected.

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe

CONFIDENTIALITY NOTICE: The contents of this email are confidential
and for the exclusive use of the intended recipient. If you receive this
email in error, please delete it from your system immediately and 
notify us either by email, telephone or fax. You should not copy,
forward, or otherwise disclose the content of the email.