Wireshark-users: Re: [Wireshark-users] Capture Filter not work for hub, seems like a bug?
From: Tao Zhou <moonese@xxxxxxxxx>
Date: Wed, 26 Aug 2009 23:24:52 +0800
Yes, the http traffic is on port 80, not on other ports.

As I said in the first email, if I use 'Display Filter' as http while leaving the 'Capture Filter' empty, the http traffic could be filtered out on port 80.
However, if I use 'port 80' as 'Capture Filter' while leaving 'Display Filter' empty, no traffic could be captured.

But today I found that the laptop NIC has not obtained a valid IP address, as it uses DHCP, while the STB got a public network IP address through PPPoE.
So I guess maybe the root cause is that, without an IP address for the laptop, the 'Capture Filter' makes it unable to capture any packets, while leaving it empty will get all packets on the hub successfully.

Could anyone who knows please confirm this...

Regards, Tao.



On Wed, Aug 26, 2009 at 11:21 AM, Martin Visser <martinvisser99@xxxxxxxxx> wrote:
I know this is a pretty dumb question, but is your http traffic actually on port 80? If it is all going via a proxy it might be on port 8080 or 3128 or some other port.

Regards, Martin

MartinVisser99@xxxxxxxxx


On Wed, Aug 26, 2009 at 11:41 AM, Tao Zhou <moonese@xxxxxxxxx> wrote:
Yes, the only thing I do is to use "port 80" as Capture Filter, the checkbox of "Capture packets in promiscuous mode" is always on.


Regards, 
Tao


From: Martin Visser <martinvisser99@xxxxxxxxx>
Date: Wed, 26 Aug 2009 07:23:16 +1000

At a first guess, do you have "promiscuous" mode turned on in the capture options? It will need to be.

Regards, Martin

MartinVisser99@xxxxxxxxx


On Tue, Aug 25, 2009 at 12:05 PM, Tao Zhou <moonese@xxxxxxxxx> wrote:

Hi, All:

I need to capture the packets going through an STB box for diagnostic purposes,
so I just put my laptop (Windows XP) and the STB on the same hub. However, I found a problem with the capture filter:
If I don't set the capture filter, all traffic going through the hub can be captured, including that to the STB, on ports including http(80) and other ports;
However, if I set a Capture Filter "port 80", no packets are captured anymore.
It seems to me that if the Capture Filter is set, only packets to the laptop NIC IP address are captured, and those to the STB are dropped.

So now I just leave the capture filter empty, and use *display filter* to filter out those http packets.
It works fine, except that the packets are in quite a large volume, since there is no filter at the capture level...

Is this a Wireshark bug, or did I just miss something?

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe

