Hi there,
I've been trying to set up Wireshark to listen to incoming and outgoing traffic on a specific troublesome IP address on my network. I've tried using the capture filter "Host x.x.x.x" but that doesn't listen to any traffic leaving the machine. I'm wondering if the offsite firewall/proxy server might have settings which stop me from doing this. If you have any ideas that'd be great.
If its a wireless connection the firewall can't touch that, you're just grabbing shit out of the air like flies. If its over a wired connection it still shouldn't matter I don't think? It shouldn't be an issue at least. There are other capture suites like in aircrack-ng and I think theres something in metasploit but don't quote me on that. If you're on say 172.0.0.0 and they're on 182.0.0.0 then maybe it would get caught out? You could try a honeypot fir a few minutes and just grab all of their shit.
If course, you also might not have access to them at all. If you know the ip, ping it and see if you can actually access it.
What do you have wireshark loaded on to be trying to listen to that troublesome IP?
So the the PC i'm trying this all on is running Windows 7 and the PC i'm trying to listen to is also running Windows 7. I did think of aircrack-ng but I don't have my laptop with Kali on with me now. I can talk to the machine, I can even remote access to it but I need to know what it's trying to connect to, so I can make an exception for that URL. I didn't think it would matter about the Firewall as I'm trying to listen to it before and after it touches it.
Maybe you're putting your filter in the wrong way then. Otherwise, capture all data and filter out the 1 IP you want afterwards. I haven't used WS for a while but I remember a find / filter function after capture.
check the FW logs for what the machine is trying to connect to...
Your adapter may not be supported by wireshark. Can you not capture the traffic from your firewall or in the windows logs on the machine?