How to watch all traffic from an IP address

If you want to monitor network traffic, you need a utility called Wireshark which lets you see exactly what's going on between your computers and network devices.

Monitoring network traffic isn't something beneficial only for large businesses. It can be just as useful on home networks as well. You could troubleshoot problems, discover exactly what's connected and what type of data is being sent across the network.

There are many utilities which do a similar job, but we're going to use Wireshark which is free. However, it is quite complicated so you might want to try others to see if you get on better with them. It's worth noting that you can't see the actual data - you won't know if someone's streaming Breaking Bad, for example - but you will be able to see which websites are being accessed (albeit by their IP addresses).

A few alternatives include Angry IP Scanner, PRGT Network Monitor, Fiddler and ZenMap.

Using these tools you can keep an eye on everything coming and going from a specific computer, but you can also install it on remote computers and monitor them as well.

Just make sure you have permission to do this: such tools can be used for 'evil' but we're explaining how to monitor traffic in the hope you can see what's normal and what could be an issue. And as we've said, capturing and viewing network traffic in this way isn't for beginners. If you don't know what a MAC address or IP address is, then the data is going to be meaningless.

How to use Wireshark to monitor network

Download and install Wireshark which is available for Windows, macOS and some Linux distros.

Download wireshark

Launch Wireshark and click the "Start" from within the 'Capture' section which is on the left hand side of the interface.

Start network traffic capture

Click Stop (the red square) to stop recording network traffic.

Stop network traffic capture

Each line represents a packet, and there are 7 columns that provide information about it.

  • The first gives each packed a number so you can keep track.
  • Time is when the packet was received.
  • The source includes the Internet Protocol (IP) address of the packet's origin.
  • The destination IP records where a packet is going.
  • The protocol the packet uses such as TCP, UDP and HTTP.
  • Length tells you the packets size in bytes.
  • Information provides an extra details such as if a packed is application data.

Capture options and filters

This is how to capture network traffic in the simplest way – it is the traffic on your own computer. If you wish to capture traffic from another then you must switch on 'Promiscuous' mode from within the Capture options. You can tweak settings, including IP address from within Capture filters. Check out Wireshark's page for for information.