Wireshark-users: Re: [Wireshark-users] Why is default filter 'not tcp port 3389' ?
From: Gerald Combs <gerald@xxxxxxxxxxxxx>
Date: Sun, 27 Aug 2006 21:31:42 -0500
Andrew Schweitzer wrote:
> Jee Kay wrote:
>> On 26/08/06, Ben Stover <bxstover@xxxxxxxxxxx> wrote:
>>
>>> After the installation of Wireshark the default Capture filter is set to
>>> 'not tcp port 3389'
>>> Why ?
>>
>> Because you're connecting to the machine via RDP.
> 
> I always wondered that myself. Are you saying you are making a 
> connection to your own machine over RDP?

The filter is set automatically if the CLIENTNAME environment variable
is set.  It's supposed to keep you from overrunning your capture with
traffic generated by your Terminal Server / Remote Desktop / RDP
session.  We do something similar for SSH and X11 sessions as well.

According to the TechNet article at

http://technet2.microsoft.com/WindowsServer/en/library/6caf87bf-3d70-4801-9485-87e9ec3df0171033.mspx?mfr=true

CLIENTNAME should only be set for remote sessions.  Is this not the case?
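
An added example, not part of the original message and not Wireshark's own code: a sketch of choosing a default capture filter from the session environment so a remote session's own traffic stays out of the capture. The CLIENTNAME check and the 'not tcp port 3389' filter come from the thread; the SSH branch assumes OpenSSH's SSH_CONNECTION variable ("client_ip client_port server_ip server_port"), and all function names are hypothetical.

```python
import ipaddress

RDP_FILTER = "not tcp port 3389"  # the default filter quoted in this thread


def _addr(text):
    """Return a validated IP literal (IPv6 zone id dropped), or None."""
    try:
        return str(ipaddress.ip_address(text.split("%", 1)[0]))
    except ValueError:
        return None


def _port(text):
    """Return a TCP port number in 1..65535, or None."""
    if text.isascii() and text.isdigit() and 0 < int(text) < 65536:
        return int(text)
    return None


def ssh_filter(ssh_connection):
    """Exclude only the one SSH session described by SSH_CONNECTION."""
    parts = ssh_connection.split()
    if len(parts) != 4:
        return None
    caddr, cport = _addr(parts[0]), _port(parts[1])
    saddr, sport = _addr(parts[2]), _port(parts[3])
    if None in (caddr, cport, saddr, sport):
        return None  # never build a filter string from unvalidated text
    return (f"not (tcp port {cport} and host {caddr} "
            f"and tcp port {sport} and host {saddr})")


def default_capture_filter(env):
    """Pick a default capture filter from a mapping of environment variables."""
    if env.get("CLIENTNAME"):        # remote-desktop session, per the message
        return RDP_FILTER
    if env.get("SSH_CONNECTION"):    # assumption: OpenSSH sets this variable
        return ssh_filter(env["SSH_CONNECTION"])
    return None                      # local session: capture everything


if __name__ == "__main__":
    # Constructed sample environments (documentation-range addresses).
    for env in ({"CLIENTNAME": "LAPTOP-01"},
                {"SSH_CONNECTION": "192.0.2.10 51234 198.51.100.7 22"},
                {}):
        print(env, "->", default_capture_filter(env))
```

The SSH branch excludes a single connection by both endpoints, while the RDP filter from the thread drops every packet on TCP port 3389, including RDP sessions you may have wanted to capture.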