Create Capture Filters

Load the predefined filters

Create your own filters

Type the expressions in Capture Filters window

&&--AND

! --NOT

|| -- OR

DNS && IPv4.SourceAddress==ipconfig.LocalIpv4Address

Contains(Http.Request.URI,'google') || Contains(Http.Request.URI,'MSN')

!(tcp.port == 3389)

NMCap /network * /capture "!(tcp.port == 3389)" /file test.cap

NMCap /network * /capture "Contains(Http.Request.URI,'google') || Contains(Http.Request.URI,'MSN')" /file test.cap

P-Mode

By default, Network Monitor captures traffic that your local computer send out and received from. For wired network adapter, when the P-Mode (promiscuous mode) is enabled, you can capture the communication between computers other than your own.

By default, the port on a layer 2 switch can only receive traffic of broadcast and unicast destined to the connected computer. After you configure the monitor port, this port can receive all traffic that switch received.

nwcap /network * /disableLocalOnly /capture /file test.cap

For wireless network adapter, "Switch to Monitor Mode" does the same thing as P-Mode of wired NIC. My WiFi adapter does not work with Monitor Mode.