Quote:
Originally Posted by rajavel
Can you be more explicit pls? Actually I want to track down the IPs which are trying to access the blocked sites in the LAN. I know that we can block the sites using iptables so..
....so what?
The easy thing to work on is to capture data by source or destination addr. The trouble is, with most network architectures the destination is going to be something like a router on your network (the immediate destination) or a proxy server, rather than the ultimate destination.
In Wireshark, you still have the information on the ultimate destination contained in the description of the packet. The trouble is, I don't quite see how you can filter on an encapsulated destination rather than an immediate destination. You can filter on a source or a destination, which may be a help, but it doesn't quite seem to be what you want.
If you know the protocol, you could filter to just that protocol, but if that is a protocol in frequent use, that might not help much. If you have tens of thousands of users, this might not be much help at all.
Two cautions: before you spend lots of time working out which IP address is the source for your problem, ensure that knowing the IP address will do what you want; if IPs are dynamically assigned, this may not be the case.
Second, be sure that whatever legal, ethical and contractual restrictions are in place are respected.
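
An added example, not part of the original post: when the immediate destination is a proxy, the ultimate destination of a plaintext HTTP request is still readable in the request line or `Host` header, so LAN sources can be tallied against a blocklist from captured payloads. The blocklist, addresses and payloads below are constructed sample data, and the function names are hypothetical.

```python
from collections import Counter, defaultdict
from urllib.parse import urlsplit

BLOCKED = {"blocked.example"}  # hypothetical blocklist (assumption)
PROXY = "10.0.0.1"             # constructed immediate destination

# Constructed records: (source IP, immediate destination IP, start of TCP payload)
SAMPLE = [
    ("10.0.0.21", PROXY, b"GET http://blocked.example/a HTTP/1.1\r\nHost: blocked.example\r\n\r\n"),
    ("10.0.0.22", PROXY, b"CONNECT blocked.example:443 HTTP/1.1\r\nHost: blocked.example:443\r\n\r\n"),
    ("10.0.0.21", PROXY, b"GET http://www.example.org/ HTTP/1.1\r\nHost: www.example.org\r\n\r\n"),
    ("10.0.0.23", PROXY, b"GET / HTTP/1.1\r\nHost: Sub.Blocked.Example\r\n\r\n"),
    ("10.0.0.22", PROXY, b"\x16\x03\x01\x02\x00"),  # not plaintext HTTP, ignored
]

def ultimate_host(payload):
    """Return the lower-cased host named in an HTTP request, or None."""
    head = payload.split(b"\r\n\r\n", 1)[0]
    try:
        lines = head.decode("ascii").split("\r\n")
        method, target, version = lines[0].split(" ")
        if not version.startswith("HTTP/"):
            return None
        if method == "CONNECT":        # tunnel request: target is host:port
            authority = target
        elif "://" in target:          # explicit proxy: absolute URI
            authority = urlsplit(target).netloc
        else:                          # origin form: fall back to Host header
            authority = ""
            for line in lines[1:]:
                name, _, value = line.partition(":")
                if name.strip().lower() == "host":
                    authority = value.strip()
                    break
        return urlsplit("//" + authority).hostname  # strips port, lower-cases
    except (UnicodeDecodeError, ValueError):
        return None

def blocked_attempts(records, blocked=BLOCKED):
    """Map each source IP to a count of requests per blocked host."""
    hits = defaultdict(Counter)
    for src, _immediate_dst, payload in records:
        host = ultimate_host(payload)
        if host and any(host == b or host.endswith("." + b) for b in blocked):
            hits[src][host] += 1
    return {src: dict(counts) for src, counts in hits.items()}

if __name__ == "__main__":
    for src, hosts in sorted(blocked_attempts(SAMPLE).items()):
        print(src, hosts)
```
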