
Wireshark-bugs: [Wireshark-bugs] [Bug 2535] New: Capture Filter yields no packets

Date: Mon, 12 May 2008 12:27:57 -0700 (PDT)
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2535

           Summary: Capture Filter yields no packets
           Product: Wireshark
           Version: 1.0.0
          Platform: PC
        OS/Version: Windows XP
            Status: NEW
          Severity: Major
          Priority: High
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: spaulovich@xxxxxxxxxxxxxx


Created an attachment (id=1785)
 --> (http://bugs.wireshark.org/bugzilla/attachment.cgi?id=1785)
Zip file containing short PCAP files

Build Information:
Version 1.0.0

Copyright 1998-2008 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.12.8, with GLib 2.14.6, with WinPcap (version unknown),
with libz 1.2.3, without POSIX capabilities, with libpcre 7.0, with SMI 0.4.5,
with ADNS, with Lua 5.1, with GnuTLS 1.6.1, with Gcrypt 1.2.3, with MIT
Kerberos, with PortAudio V19-devel, with AirPcap.

Running on Windows XP Service Pack 3, build 2600, with WinPcap version 4.1 beta
(packet.dll version 4.1.0.902), based on libpcap version 0.9.6 branch, with
AirPcap 3.2.1 build 1069.

Built using Microsoft Visual C++ 6.0 build 8804

Wireshark is Open Source Software released under the GNU General Public
License.

Check the man page and http://www.wireshark.org for more information.
--
Configuration:

AirPCapN hardware with AirPCap drivers from distribution CD (version 1.0.0.192
| Based on Ar5416 v 6.0.3.62)

Wireshark v1.0.0 from web download

Steps:

1. Start Wireshark
2. Capture / Interfaces / Options to bring up Capture Options dialog
3. Promiscuous mode checked, buffer size 1MB, update list of packets in real time
checked, automatic scrolling in live capture checked, hide capture info dialog
checked, enable MAC name resolution checked, enable transport name resolution
checked.
4. Start

Result: (see attached file NoCapFilter.pcap)

Packets are captured and displayed normally in the Wireshark UI.


Steps:

1. Start Wireshark
2. Capture / Interfaces / Options to bring up Capture Options dialog
3. (same settings as above except...)
4. Capture filter = "udp"
5. Start

Result: (see attached file UDPCapFilter.pcap)

A few packets appear in the Wireshark UI and no further packets are captured.

