How to watch all traffic from an IP address

If you want to monitor and analyse traffic, here's our guide on how to watch all traffic from an IP address.

Monitoring network traffic isn't something that benefits only large businesses; you can do it on smaller networks as well. There are many different pieces of software you can do this with, but we're going to use one.

Arguably the most popular is Wireshark which, you'll be pleased to hear, is free. However, it is quite complicated, so you might want to try another instead. A few alternatives include Angry IP Scanner, PRTG Network Monitor, Fiddler and Zenmap.

Step One

Download and install your chosen software. In our case that is Wireshark, which is available for Windows and OS X.

Step Two

Open Wireshark and click "Start" in the 'Capture' section, which is on the left-hand side of the interface.

Step Three

Click Stop (the red square) to stop recording network traffic.

Each line represents a packet, and there are 7 columns that provide information about it.

  • The first gives each packet a number so you can keep track.
  • Time is when the packet was received.
  • The source includes the Internet Protocol (IP) address of the packet's origin.
  • The destination IP records where a packet is going.
  • Protocol is the protocol the packet uses, such as TCP, UDP and HTTP.
  • Length tells you the packet's size in bytes.
  • Information provides extra details, such as whether a packet is application data.

Capture options and filters

This is the simplest way to capture network traffic: it records the traffic on your own machine. If you wish to capture traffic from another machine then you must switch on 'Promiscuous' mode from within the Capture options. You can tweak settings, including the IP address, from within Capture filters. Check out Wireshark's page for more information.
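
The selection an IP-address filter makes, as an added example that is not part of the original guide: this Python sketch reads a small constructed pcap (documentation-range addresses, not real traffic) and returns only the packet-list rows whose source or destination is the chosen address, which is what the capture filter `host 192.0.2.10` or the display filter `ip.addr == 192.0.2.10` selects in Wireshark. The function names and sample packets are assumptions made for illustration.

```python
import socket
import struct

PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}  # IPv4 protocol numbers

def build_sample_pcap():
    """Constructed sample capture: three Ethernet/IPv4 frames, not real traffic."""
    def frame(src, dst, proto, payload_len):
        eth = b"\x02" * 6 + b"\x04" * 6 + struct.pack("!H", 0x0800)
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                         proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
        return eth + ip + bytes(payload_len)
    frames = [frame("192.0.2.10", "198.51.100.7", 6, 20),
              frame("203.0.113.5", "198.51.100.7", 17, 8),
              frame("198.51.100.7", "192.0.2.10", 6, 40)]
    # pcap global header: magic, version 2.4, zone, sigfigs, snaplen, Ethernet
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(f), len(f)) + f
    return out

def packets_for_host(pcap_bytes, host):
    """Rows (no, time, source, destination, protocol, length) for one IP."""
    magic, = struct.unpack_from("<I", pcap_bytes, 0)
    if magic != 0xA1B2C3D4:
        raise ValueError("only little-endian, microsecond pcap files handled")
    rows, offset, number = [], 24, 0
    while offset + 16 <= len(pcap_bytes):
        ts_sec, ts_usec, incl_len, orig_len = struct.unpack_from(
            "<IIII", pcap_bytes, offset)
        data = pcap_bytes[offset + 16:offset + 16 + incl_len]
        offset += 16 + incl_len
        number += 1  # numbering covers every packet, matching or not
        if len(data) < 34 or data[12:14] != b"\x08\x00":
            continue  # truncated frame or not IPv4
        src = socket.inet_ntoa(data[26:30])
        dst = socket.inet_ntoa(data[30:34])
        if host in (src, dst):  # traffic from OR to the address
            proto = PROTO_NAMES.get(data[23], str(data[23]))
            rows.append((number, ts_sec + ts_usec / 1e6, src, dst, proto, orig_len))
    return rows

if __name__ == "__main__":
    for row in packets_for_host(build_sample_pcap(), "192.0.2.10"):
        print(*row, sep="\t")
```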