Riverbed Cascade Pilot Personal Edition: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Wireshark-users: [Wireshark-users] Capture filter not working?

Date Index Thread Index Other Months All Mailing Lists

Date Prev Date Next Thread Prev Thread Next

From: "Trevor Tolk" <TTolk@xxxxxxxxxxxx>
Date: Thu, 15 Nov 2007 15:26:06 -0800

I have a PC with 2 nics - one on the network, and one that I use to capture packets with. The capturing nic is plugged into the mirrored port on a managed switch. the port it's The mirror port receives all packets from other monitored ports on the switch.

When I use no capture filter, it captures all traffic perfectly.

When I use an IP (host) or tcp/udp capture filter on the monitoring nic, it captures no traffic. When I use the same filter on the nic connected to the normal network, the filter works fine. I can use an ether capture filter an it works.

Previously, this PC had ethereal on it with winpcap 3. It used to work fine (I haven't used it for 4 or 5 months). I uninstalled Ethereal and winpcap3 and installed the latest version of Wireshark and WinPcap, and it acts the same.

Because capture filters ARE working, but not with layer 3 or 4 traffic on the monitoring nic, I tend to believe there's some setting that I need to change somewhere that I need to change.

Any ideas on what I can/should do to enable capture filters to work? Currently I'm capturing all traffic and relying on display filters, which is tedious.

Follow-Ups:
- Re: [Wireshark-users] Capture filter not working?
  - From: Stephen Fisher

Prev by Date: [Wireshark-users] [ANNOUNCE] WinPcap 4.1 beta2 has been released
Next by Date: Re: [Wireshark-users] Capture filter not working?
Previous by thread: Re: [Wireshark-users] [ANNOUNCE] WinPcap 4.1 beta2 has been released
Next by thread: Re: [Wireshark-users] Capture filter not working?
Index(es):
- Date
- Thread