Originally Posted by rajavel
Can you be more explicit, please? Actually, I want to track down the IPs which are trying to access the blocked sites in the LAN. I know that we can block the sites using iptables, so...
The easy thing to work on is to capture data by source or destination address. The trouble is, with most network architectures the destination is going to be something like a router on your network (the immediate destination) or a proxy server, rather than the ultimate destination.
In Wireshark, you still have the information on the ultimate destination contained in the description of the packet. The trouble is, I don't quite see how you can filter on an encapsulated destination rather than an immediate destination. You can filter on a source or a destination, which may be a help, but it doesn't quite seem to be what you want.
If you know the protocol, you could filter to just that protocol, but if that is a protocol in frequent use, that might not help much. If you have tens of thousands of users, this might not be much help at all.
Two cautions. First, before you spend lots of time working out which IP address is the source for your problem, ensure that knowing the IP address will do what you want; if IPs are dynamically assigned, this may not be the case.
Second, be sure that whatever legal, ethical and contractual restrictions are in place are respected.
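The immediate-versus-ultimate destination point above, as an added example that is not part of the original post: when clients talk to a proxy, the IP destination is the proxy, and the real target has to be read out of the HTTP request itself. The sample payloads, addresses, hostnames and the blocklist are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: (client source IP, start of the TCP payload sent to the proxy).
SAMPLE_REQUESTS = [
    ("192.168.1.23", b"GET http://blocked.example/index.html HTTP/1.1\r\nHost: blocked.example\r\n\r\n"),
    ("192.168.1.40", b"CONNECT allowed.example:443 HTTP/1.1\r\nHost: allowed.example:443\r\n\r\n"),
    ("192.168.1.23", b"CONNECT BLOCKED.example:443 HTTP/1.1\r\n\r\n"),
    ("192.168.1.57", b"GET /news HTTP/1.1\r\nUser-Agent: x\r\nHost: sub.blocked.example\r\n\r\n"),
    ("192.168.1.57", b"\x16\x03\x01\x02\x00\x01"),  # TLS record, not HTTP: no host to read here
]
BLOCKED = {"blocked.example"}  # hypothetical blocklist


def ultimate_host(payload):
    """Return the lower-cased host an HTTP request is really for, or None."""
    head = payload.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return None  # not an HTTP request line
    method, target = parts[0], parts[1]
    if method == "CONNECT":            # proxy tunnel: target is host:port
        host = target
    elif "://" in target:              # proxy-style absolute URI
        host = target.split("://", 1)[1].split("/", 1)[0]
    else:                              # origin-form: fall back to the Host header
        host = next((l.split(":", 1)[1].strip() for l in lines[1:]
                     if l.lower().startswith("host:")), None)
    if not host:
        return None
    return host.partition(":")[0].lower()  # drop the port (IPv6 literals not handled)


def blocked_hits(requests, blocked):
    """Map each source IP to the blocked hosts (or subdomains) it asked for."""
    hits = defaultdict(set)
    for src, payload in requests:
        host = ultimate_host(payload)
        if host and any(host == b or host.endswith("." + b) for b in blocked):
            hits[src].add(host)
    return {src: sorted(hosts) for src, hosts in hits.items()}


if __name__ == "__main__":
    for src, hosts in sorted(blocked_hits(SAMPLE_REQUESTS, BLOCKED).items()):
        print(src, hosts)
```

As the post cautions, the source IP only identifies a machine for as long as its address assignment lasts.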