Wireshark filter to monitor website traffic

This wireshark filter demonstrates how to monitor traffic to a specific website from an IP address. The filter captures all traffic from the IP address 192.168.137.175 to the website www.facebook.com.

Explanation

1. To display packets originating from a specific source address, the filter ip.src is applied.

2. To filter packets containing the website name, the http attribute host is used. http.host refers to the website name.

The filter ip.src ==192.168.137.175 && http.host==www.facebook.com would display all packets from the ip address 192.168.137.175 to the website www.facebook.com

Learn and implement the different wireshark filters used by network administrators in our Ebook Wireshark tutorials for Network administrators – Click here