Wireshark-users: Re: [Wireshark-users] capture filters
From: "Witton, David" <dwitton@xxxxxxxxxxxxxxxxx>
Date: Mon, 31 Dec 2007 16:38:42 -0700
From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Guy Harris
Sent: Monday, December 31, 2007 4:28 PM
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] capture filters

Witton, David wrote:

> In an unfiltered capture, I am seeing quite a bit of TCP traffic
> (>90%), most of it involving machines other than the one I'm running
> Wireshark on.

Most, or all?  I.e., in an unfiltered capture, are you seeing TCP
traffic to and from the machine running Wireshark?

Yes, I'm seeing traffic to and from the machine running Wireshark

> That doesn't seem to match the case described in the FAQ
> below - or am I wrong?

That sounds like a different case.

What OS are you running on the machine doing the capture?  And what type
of network adapter are you capturing on?

XP pro, vmware virtual machine. VMware Accellerated AMD PCNet Adapter

And, if this is on Ethernet, are you using VLANs?  If so, is the TCP
traffic to and from the host running Wireshark on a VLAN?  (I.e., does
it have a VLAN header?)

Forgive my ignorance, I'm not sure how to check for a VLAN header, but I believe this part of the network isn't VLANed.
_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-users

Confidentiality Notice: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please notify the sender by reply e-mail and destroy all copies of the original message. Thank you for your cooperation.