Wireshark · Wireshark-users: Re: [Wireshark-users] HTTP dump with tshark...

Wireshark-users: Re: [Wireshark-users] HTTP dump with tshark...

From: Sake Blok <sake@xxxxxxxxxx>

Date: Thu, 17 Jul 2008 12:00:31 +0200

On Thu, Jul 17, 2008 at 02:30:32AM -0700, John Doe wrote:
> 
> It is strange...
> My eth0 has the IP 192.168.16.23
> 
> I tried:
>   tshark -i eth0 -V -T text -f "tcp port 8880" -d "tcp.port==8880,http" 
> -R http.request
> 
> and:
>   telnet 192.168.16.23 8880
>   GET / HTTP/1.0
> 
> telnet sends back my web page correctly; but tshark does not capture anything...
>   0 packets captured
> 
> If I remove the -f "..", it captures all the regular traffic from 
> my firefox correctly, except my telnet 8880...
> I tried port 80 and same problem...

Do I understand correctly that you issue the "telnet 192.168.16.23 8880"
from the box that has the ip address 192.168.16.23? If so, the packets
won't pass the eth0 interface and therefor will not be seen by libpcap.

AFAIK you can use the "any" interface on a linux box to capture local
traffic.

Or you could do the telnet from another system...

Cheers,
    Sake

References:
- Re: [Wireshark-users] HTTP dump with tshark...
  - From: John Doe

Prev by Date: Re: [Wireshark-users] HTTP dump with tshark...
Next by Date: Re: [Wireshark-users] rtcp information capture
Previous by thread: Re: [Wireshark-users] HTTP dump with tshark...
Next by thread: Re: [Wireshark-users] HTTP dump with tshark...
Index(es):
- Date
- Thread