I’m a real newbie when it comes to using Wireshark. How do I go about removing all filters and then adding a single filter to capture all communications to or from a given site that I can get to wirelessly? I just downloaded the product today and I’m absolutely overwhelmed at what it has to offer.
Wireshark enables you to use the “contains” filter, which searches for a specified string. This can be used to look for a particular website in conjunction with filtering for http or https. An example filter could be http contains "http://www.wireshark.org". This would filter for only packets on port 80 that contain that URL. By fiddling with the string, you may get better results. This website has more information on the “contains” option, under Search and Match Operators: http://www.wireshark.org/docs/man-pages/wireshark-filter.html
Another newbie with a similar question.
I’d like to monitor only the packets that arrive from one specific Internet IP address.
Looking at the example in the man-pages I created a filter with the line
ip.src == xx.yy.zz.nnn (the source IP address I’d like to monitor).
I get the following message: That string isn’t a valid capture filter (syntax error).
Once I get the syntax right, how do I then proceed to ONLY capture that specific traffic?
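The error message in the post above names a capture filter, while ip.src == ... is display-filter syntax (the syntax covered by the wireshark-filter man page linked earlier); capture filters use pcap syntax such as src host. As an added example that is not part of the original thread or of Wireshark itself, this Python helper translates simple display-filter comparisons into their capture-filter equivalents. The function name display_to_capture and the 192.0.2.10 documentation address are assumptions made for illustration.

```python
import ipaddress
import re

# Display-filter field -> capture-filter (pcap) primitive.
FIELD_TO_PCAP = {
    "ip.src": "src host", "ip.dst": "dst host", "ip.addr": "host",
    "tcp.port": "tcp port", "tcp.srcport": "tcp src port",
    "tcp.dstport": "tcp dst port", "udp.port": "udp port",
    "udp.srcport": "udp src port", "udp.dstport": "udp dst port",
}
TERM = re.compile(r"^\s*([a-z.]+)\s*(?:==|eq)\s*(\S+)\s*$")
JOINERS = {"&&": "and", "and": "and", "||": "or", "or": "or"}


def display_to_capture(display_filter: str) -> str:
    """Translate 'field == value' display filters into capture-filter syntax."""
    parts = re.split(r"\s+(&&|\|\||and|or)\s+", display_filter.strip())
    # Mixed and/or is not handled here; group such filters by hand.
    if len({JOINERS[p] for p in parts[1::2]}) > 1:
        raise ValueError("mixed and/or is not supported by this helper")
    out = []
    for i, part in enumerate(parts):
        if i % 2 == 1:                       # odd slots hold the joiner
            out.append(JOINERS[part])
            continue
        m = TERM.match(part)
        if not m or m.group(1) not in FIELD_TO_PCAP:
            raise ValueError(f"no capture-filter equivalent known for {part!r}")
        field, value = m.groups()
        if field.startswith("ip."):
            ipaddress.IPv4Address(value)     # raises ValueError on a bad address
        elif not (value.isdigit() and int(value) <= 65535):
            raise ValueError(f"bad port: {value!r}")
        out.append(f"{FIELD_TO_PCAP[field]} {value}")
    return " ".join(out)


if __name__ == "__main__":
    # Constructed sample inputs; 192.0.2.10 is a documentation address.
    print(display_to_capture("ip.src == 192.0.2.10"))
    print(display_to_capture("ip.src == 192.0.2.10 && tcp.port == 80"))
```

The translated string goes in the capture filter field before the capture is started, so only matching packets are recorded; string searches such as contains have no entry in this table and stay display filters applied after capture.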