WEBVTT

00:00.120 --> 00:05.670
In this lecture we are going to capture traffic by MAC address.

00:05.670 --> 00:15.060
So if you want to capture traffic that a particular MAC address sends and receives, then we have the

00:15.090 --> 00:17.910
ether host filter for that.

00:17.910 --> 00:25.500
So let me quickly go to the capture options and select the network interface in the capture filter box

00:25.500 --> 00:27.960
type ether host.

00:27.990 --> 00:37.770
Now we have to specify a MAC address here, so I am quickly going to grab my own MAC address, ipconfig

00:37.800 --> 00:39.090
/all.

00:39.660 --> 00:44.670
Let me copy and paste the MAC address here.

00:45.360 --> 00:56.160
Now this filter is only going to capture the traffic or frames that this specified MAC address sends

00:56.160 --> 00:57.510
and receives.

00:57.510 --> 00:58.080
Right.

00:58.080 --> 01:07.530
Wireshark will ignore all other frames and only save or capture the frames that this MAC address sends

01:07.530 --> 01:08.610
or receives.

01:08.610 --> 01:10.590
So let me click on Start Button.

01:10.590 --> 01:17.850
Now I am quickly going to add destination and source MAC address fields into the columns.

01:17.850 --> 01:22.200
So right click on destination, click on Apply as Column.

01:22.200 --> 01:26.730
I'm going to repeat the same thing for source right click apply as column.

01:26.760 --> 01:30.510
As you can see, guys, both the fields have been added.

01:30.510 --> 01:38.880
Right now you are going to see this specified MAC address either under the source or destination MAC

01:38.880 --> 01:40.200
address column.

01:40.380 --> 01:40.710
Okay.

01:40.710 --> 01:44.010
As you can see now back to the capture options.

01:44.010 --> 01:52.560
Now, next thing that I'm going to do is narrow down the ether host filter to source and destination.

01:52.560 --> 02:03.210
So if you only want to capture the frames that a MAC address sends out, then type ether source, this

02:03.210 --> 02:09.960
filter is only going to capture the frames that this MAC address sends out.

02:09.960 --> 02:11.760
So let me hit the start button.

02:12.390 --> 02:14.160
Now under the source column.

02:14.160 --> 02:22.200
As you can see, it is only capturing the frames that the specified MAC address is sending out in the

02:22.200 --> 02:29.760
same way we can, you know, capture the frames that get delivered to a MAC address.

02:29.760 --> 02:33.180
All you have to do is replace source with dst.

02:33.180 --> 02:34.810
dst means destination.

02:35.100 --> 02:42.510
Now this filter is only going to capture the frames that this MAC address receives.

02:42.510 --> 02:45.270
So click on Start Now.

02:45.270 --> 02:51.750
This time under the destination column, you are only going to see the specified MAC address, right?

02:51.750 --> 03:00.240
So it is only capturing the frames or traffic that the specified MAC address is receiving.

03:00.690 --> 03:06.900
You can combine multiple MAC addresses with the help of OR operators.

03:06.900 --> 03:16.110
So if you type or, now specify another MAC address like this, right, you can specify as many MAC addresses

03:16.110 --> 03:17.040
as you like.

03:17.040 --> 03:26.280
Now this filter is only going to capture the frames that both the specified MAC addresses send and receive.

03:26.520 --> 03:34.020
And if you specify a not at the beginning, here I am basically telling Wireshark that do not capture

03:34.050 --> 03:40.290
the frames that this MAC address sends out and receives.
