Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-bugs: [Wireshark-bugs] [Bug 5932] Capture filter doesn't work on 1.7.0-SVN-37265

Date: Sat, 21 May 2011 13:29:22 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5932

--- Comment #12 from Michael Tüxen <tuexen@xxxxxxxxxxxxx> 2011-05-21 13:29:19 PDT ---
How do you start wireshark normally? Clicking or double clicking
on an Icon?

Can you edit the preferences file and change
console.log.level: 18
to
console.log.level: 255

Start wireshark from a shell. Then you should see the debug output in the shell
(I think it is called cmd in Windows). Can you start capturing the traffic
using 
the capture filter and provide the debug output?

On my machine the output contains (in the middle):


22:26:51  Capture Dbg  sync_pipe_start
22:26:51  Capture Dbg  CAPTURE OPTIONS    :
22:26:51  Capture Dbg  CFile              : 0x1001a2840
22:26:51  Capture Dbg  Filter             : ip host 192.168.1.61
22:26:51  Capture Dbg  Interface name[df] : (null)
22:26:51  Capture Dbg  Interface Descr[df]: (null)
22:26:51  Capture Dbg  Capture filter[df] : 
22:26:51  Capture Dbg  Snap length[df]    : 65535
22:26:51  Capture Dbg  Link Type[df]      : -1
22:26:51  Capture Dbg  Promiscous Mode[df]: TRUE
22:26:51  Capture Dbg  Buffer size[df]    : 1 (MB)
22:26:51  Capture Dbg  Monitor Mode[df]   : FALSE
22:26:51  Capture Dbg  BufferSize         : 1 (MB)
22:26:51  Capture Dbg  Interface Name     : en0
22:26:51  Capture Dbg  Interface Descr.   : en0
22:26:51  Capture Dbg  SnapLen         (0): 65535
22:26:51  Capture Dbg  Promisc            : 1
22:26:51  Capture Dbg  LinkType           : 1
22:26:51  Capture Dbg  SavingToFile       : 1
22:26:51  Capture Dbg  SaveFile           : 
22:26:51  Capture Dbg  GroupReadAccess    : 0
22:26:51  Capture Dbg  Fileformat         : PCAPNG
22:26:51  Capture Dbg  RealTimeMode       : 1
22:26:51  Capture Dbg  ShowInfo           : 0
22:26:51  Capture Dbg  QuitAfterCap       : 0
22:26:51  Capture Dbg  MultiFilesOn       : 0
22:26:51  Capture Dbg  FileDuration    (0): 60
22:26:51  Capture Dbg  RingNumFiles    (0): 2
22:26:51  Capture Dbg  AutostopFiles   (0): 1
22:26:51  Capture Dbg  AutostopPackets (0): 0
22:26:51  Capture Dbg  AutostopFilesize(0): 1024 (KB)
22:26:51  Capture Dbg  AutostopDuration(0): 60
22:26:51  Capture Dbg  ForkChild          : -1
22:26:51  Capture Dbg  argv[0]: /Users/tuexen/Documents/wireshark/trunk/dumpcap
22:26:51  Capture Dbg  argv[1]: -n
22:26:51  Capture Dbg  argv[2]: -i
22:26:51  Capture Dbg  argv[3]: en0
22:26:51  Capture Dbg  argv[4]: -f
22:26:51  Capture Dbg  argv[5]: ip host 192.168.1.61
22:26:51  Capture Dbg  argv[6]: -y
22:26:51  Capture Dbg  argv[7]: EN10MB
22:26:51  Capture Dbg  argv[8]: -Z
22:26:51  Capture Dbg  argv[9]: none
22:26:51     Main Dbg  Callback: capture prepared


This is what I'm interested in: Is your capture filter provided to dumpcap (in
the -f option)?

Thanks for helping to debug the problem. I can't reproduce it on my machine...

Best regards
Michael

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.