nilay yildirim wrote:
> Thanks. So how about if I wanted to only capture all packets to and from
> 10.10.10.10 <http://10.10.10.10> ( host ip adress) but just arp, dns and
> ping? What does this changes? Or I need to create another filter???
ARP packets don't go to or from IP addresses - they go to or from MAC
addresses, so you can't capture ARP traffic to or from 10.10.10.10, as
that notion makes no sense.
However, you could do
host 10.10.10.10 and (port domain or icmp[icmptype] = icmp-echo or
icmp[icmptype] = icmp-echoreply)
which will capture DNS and ICMP ping traffic to or from 10.10.10.10.
_______________________________________________
Wireshark-users mailing list
Wireshark-users@wireshark.org
http://www.wireshark.org/mailman/listinfo/wireshark-users
