Filtering non-local IP traffic with Wireshark

networking wireless-networking wireshark traffic-filtering
7,376

Solution 1

Since traffic bound for the internet will need to go through a router of some sort to get there, the IP packets will be given the MAC address of the router as the destination. You can filter for all packets with the router's MAC address (e.g. eth.dst == 00:0f:66:03:50:a7) as the destination.

Solution 2

No. "Multicast" is a special set of addresses (224/4). "Broadcast" is a special address within a network ("all ones", e.g. the broadcast address for 192.168/16 is 192.168.255.255). You will need to make sure that one of the addresses in the packet is not of the local network.

Solution 3

There is another way to filter out local traffic from egress: Combine a filter of "only IP traffic" AND "only IP-adresses excluding 10.0.0.0/8". Enter this inthe filter window (when running a capture)> ip && !(ip.dst==10.0.0.0/8)

if you need to exclude the 192er range > ip && !(ip.dst==192.168.0.0/16)

Share:
7,376

Related videos on Youtube

baobeiii
Author by

baobeiii

Updated on September 17, 2022

Comments

  • baobeiii
    baobeiii over 1 year

    If I capture traffic through my wireless card, I get a ton of different kinds of packets showing up. I'd only like to see traffic that is destined for the internet, i.e., no network stuff that is local. If I use Wireshark as a capture filter for 'no multicast and broadcast' then will all the packets I see only be those that are destined for the internet? Thanks.

  • baobeiii
    baobeiii over 13 years
    So what filter setting do i need to only see internet destined or internet sourced packets?
  • Ignacio Vazquez-Abrams
    Ignacio Vazquez-Abrams over 13 years
    The one that makes sure that one of the addresses in the packet is not of the local network.
  • RalfFriedl
    RalfFriedl almost 5 years
    This will filter out the return packets addressed to the machine.
  • Scott - Слава Україні
    Scott - Слава Україні almost 5 years
    Well, the question says “I'd only like to see traffic that is destined for the internet” (emphasis added).  In fact, it mentions “destined for the internet” twice.   So this answer might be what the OP wants.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Why does Wireshark show MAC addresses in the source\destination?
What causes dropping of ARP response packets in a wireless network?
Wireshark on WPA2-PSK [AES] not decrypting
Interpret Wireshark Captures
How to monitor traffic passing through my Wi-Fi access point
How to block the Whatsapp Android application in a network
How to set CommView to capture a specific wifi instead of the whole channel?
TCP Server sends [ACK] followed by [PSH,ACK]
How to decrypt https
How to see full HTTPS URL in wireShark