Situatie
Wireshark is a network packet analyzer or tracer. Network Packet Analyzer displays captured packet data in as much detail as possible. It is a popular open-source network protocol analyzer used by ethical hackers to analyze network traffic to identify vulnerabilities or potential security breaches.
Solutie
Pasi de urmat
Implementation
Suppose, an IP address is in the packet capturing window, users want to extract the information of a particular IP address and see where it is going and from where it is receiving the information, helping users to filter a particular IP address and its source and destination.
Filter by IP in Wireshark
Step 1: So firstly you have to open the Wireshark Tool in your window, or in Linux. Now we will see where to put the filter in Wireshark. as you can see arrow in the image. there is written the Apply a display filter-
So now we will start capturing the packet and select the network interface that we want to capture packets. Select the wifi network interface to capture the packet. after starting, you will see that interface.
Now we will put the IP Display filter in Wireshark. suppose in your system many kinds of source IPs are coming and you want to filter any particular IP.
Source IP Address – Display filter for source IP Address.
ip.src == x.x.x.x (source ip address)
After putting the IP in the display filter press enter. whatever source IP you put that similar IP is showing in the image.
Now we will put the destination IP address and display filter.
Destination IP Address – Display filter for source IP Address.
ip.dst == x.x.x.x (destination ip address)
Suppose the user wants to find any random or only one IP address displayed in the filter.
ip.addr == x.x.x.x (ip address)
While performing IP filtering users wants to know for which (Protocol) ports and services are IP address is connecting, now help the user to filter the required (Protocol) port or service.
Now in this step we will put the IP addresses capture filter in Wireshark. for that you need to go capture -> option. and then put the host IP address in the capture-selected interface. as you can see in the image.
Leave A Comment?