WEBVTT

00:00.180 --> 00:06.990
In this lecture, we are going to learn to capture traffic by IP address.

00:07.020 --> 00:15.960
Let's say you want to capture traffic that a particular IP address or multiple IP addresses send or

00:15.960 --> 00:16.530
receive.

00:16.830 --> 00:19.830
Then we can use the capture filter host.

00:19.830 --> 00:25.050
So go to the capture options and select the network interface.

00:25.050 --> 00:27.620
Then down here, write the host.

00:27.630 --> 00:31.460
Now specify the IP address.

00:31.470 --> 00:39.000
You can specify both an IPv4 address and an IPv6 address; the host filter supports both.

00:39.000 --> 00:42.270
I'm going to specify my own IPv4 address.

00:44.200 --> 00:53.750
Now this filter is only going to capture the traffic that this particular IP address sends and receives.

00:53.780 --> 00:54.200
Right.

00:54.200 --> 00:56.130
So let me click on START.

00:56.150 --> 01:04.490
Now, as you can see, guys, at the top: capturing from Wi-Fi, this is the host, and you will see this

01:04.490 --> 01:10.220
specified IP address either under the source column or the destination column.

01:10.220 --> 01:10.790
Right.

01:11.770 --> 01:12.680
As you can see.

01:12.700 --> 01:15.520
Now back to the capture options.

01:15.670 --> 01:23.860
Now, let's say your device and server use an IPv6 address to communicate.

01:23.860 --> 01:33.670
In that case, Wireshark will not be able to completely monitor the traffic of this particular device, because

01:33.670 --> 01:43.020
if the device uses IPv6 to communicate, then this filter is going to ignore the IPv6 traffic.

01:43.030 --> 01:51.620
So to completely monitor your device, you have to specify the IPv6 address as well, right?

01:51.640 --> 02:00.460
All you have to do is combine both the IPv4 and IPv6 addresses, and to combine multiple filters we

02:00.460 --> 02:04.600
use or, of course, so type or and host.

02:04.600 --> 02:06.850
Now specify the IPv6 address.

02:06.850 --> 02:09.790
So let me grab my own IPv6 address.

02:12.620 --> 02:15.200
Now, let me paste it here.

02:15.230 --> 02:26.300
Now, this filter is going to, you know, capture all the IPv6 and IPv4 packets that the specified

02:26.300 --> 02:29.640
IP addresses send and receive.

02:29.660 --> 02:30.260
Right.

02:30.290 --> 02:32.930
Now, let's take another scenario.

02:32.960 --> 02:44.520
Let's say you only want to capture FTP packets that this particular IP address sends and receives.

02:44.540 --> 02:47.540
In that case, we can use the and operator.

02:47.660 --> 02:51.920
So if I type and, now let's say, port ftp.

02:52.010 --> 03:01.610
Now this filter is only going to capture FTP traffic on this particular IP address.

03:01.640 --> 03:06.170
Now let's narrow down the host filter.

03:06.320 --> 03:09.050
So type src host.

03:09.050 --> 03:19.060
Now this filter is only going to capture the packets that this specified IP address sends out.

03:19.070 --> 03:19.460
Right.

03:19.460 --> 03:28.850
It will not capture packets that will be delivered to this IP address, only the packets that this IP

03:28.850 --> 03:30.030
address sends out.

03:30.050 --> 03:35.120
So if I click on start now, as you can see, it's under the source column.

03:35.120 --> 03:38.810
You are only going to see the specified IP address.

03:38.810 --> 03:48.380
So it is only capturing the packets that this IP address has sent out or is sending out.

03:48.560 --> 03:57.500
And in the same way, you can capture the traffic that a particular IP address receives; just replace

03:57.590 --> 04:03.170
src with dst. src means source, dst means destination.

04:03.200 --> 04:11.850
Now this filter is only going to capture the traffic that this specified IP address receives.

04:11.870 --> 04:14.180
So let me click on START.

04:15.320 --> 04:21.350
Now under the destination column, you are only going to see the specified IP address.

04:21.350 --> 04:23.510
192.68.

04:23.540 --> 04:24.110
Right.

04:25.040 --> 04:25.580
Now, wait.

04:25.610 --> 04:33.250
Instead of writing an IP address, we can also specify the URL or domain name.

04:33.260 --> 04:40.700
So if I type, let's say, host www.reddit.com.

04:40.910 --> 04:50.840
Now this filter is only going to capture the traffic that comes in from reddit.com or whatever host

04:50.840 --> 04:51.940
you specify.

04:52.010 --> 04:57.610
So let me start capturing packets, and I'm going to refresh Wikipedia.

04:57.620 --> 05:03.230
As you can see, guys, it is not capturing any traffic from host Wikipedia.

05:03.410 --> 05:06.590
Now let me visit reddit.com.

05:07.250 --> 05:14.900
Now, as you can see, Wireshark is capturing the traffic, you know, which is coming in from the specified

05:14.900 --> 05:15.530
host.

05:15.560 --> 05:16.820
reddit.com.

05:16.820 --> 05:17.360
Right.

05:18.150 --> 05:26.100
And in the same way you can specify multiple hosts; all you have to do is use the or operator: www.

05:26.340 --> 05:31.890
google.com or wikipedia.com.

05:32.130 --> 05:38.910
Sometimes Wireshark takes a little time to validate the capture filters.

05:39.150 --> 05:48.750
Now this filter is going to capture all the traffic that comes in from these specified, you know,

05:48.750 --> 05:52.050
hosts Wikipedia, Google and Reddit.

05:52.350 --> 05:57.480
So in this way, you can combine as many hosts as you like.
