Home > Articles, Tips & How-tos > Use Filters to Capture Packets between Two Hosts

Use Filters to Capture Packets between Two Hosts

Product Versions: Since Capsa 7.0

Intended Audience:

  • Capsa Enterprise users
  • Capsa Professional users
  • Capsa WiFi users
  • Capsa Free users
  • Including all Demo and Evaluation users

When we need to do some tests or experiments, we just need to capture packet data between two hosts. The typical instance is to capture packet data between my local host and another host/server. In order to capture packets only between two hosts we can use a capture filter to ignore all packet data that we don’t need. For instance, we want to capture packets only between my host and Colasoft website:

  • My IP address – 192.168.6.112
  • Colasoft Website IP address – 207.218.235.182

Before we get started we should figure out where is the best place to capture packet data, make sure you are capturing right on the path of the traffic flow, read Where to Capture Packets on my Network for more details. If you are planning to capture packet data between your local host and another machine, the convenient way to do so is to install Capsa on your machine. And follow the steps below to create and enable a capture filter.

Create a Capture Filter in Capsa

  • Run Capsa; click the Set Capture Filter link on top-right corner.
  • Capsa Start Page

  • Capture filter window appears. Click the Add button (on the bottom on the window).
  • Filter Manager

  • Input Name, check Address Rule, and choose IP Address from Address 1 drop-down list. Input IP address, 192.168.6.112, in the textbox under the drop-down list. Then choose IP Address from Address 2 drop-down list, and input IP address – 207.218.235.182.
  • Filter

  • Click OK.
  • Check the new filter’s Accept checkbox, and click OK.
  • Enable Filter

We’ve already created and enabled Capsa to capture packet data only between my host and the remote IP address. Next we can click Start button to start a capture. And we see only packets between my local IP and Colasoft website address. By this way we can create filters to capture packets for certain IP or MAC addresses and also use combinations to create advanced filters with multiple conditions.

Packets

Tips:

  • You are suggested to use the Export function to back up your filter settings (you can find the Export button on Figure A), and make sure you export all filters.

Categories: Articles, Tips & How-tos Tags:
  1. rabia
    April 16th, 2013 at 12:45 | #1

    how can i find that the captured ips are not fake in network monitoring.i would like to know that the ips captured through colasoft is either fake or not

  2. April 16th, 2013 at 21:46 | #2

    @rabia
    Capsa captures the real traffic on the network, analyzes captured traffic, and displays the analysis results. What do you mean by fake IPs? Do you mean some virus faking IPs to attack other hosts?

  1. No trackbacks yet.