Riverbed Cascade Pilot Personal Edition: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Wireshark-users: Re: [Wireshark-users] capture filters

Date Index Thread Index Other Months All Mailing Lists

Date Prev Date Next Thread Prev Thread Next

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Mon, 31 Dec 2007 15:58:42 -0800

Witton, David wrote:

> What OS are you running on the machine doing the capture?  And what type
> of network adapter are you capturing on?

XP pro, vmware virtual machine. VMware Accellerated AMD PCNet Adapter


So that's probably a (virtual) Ethernet adapter.

> And, if this is on Ethernet, are you using VLANs?  If so, is the TCP
> traffic to and from the host running Wireshark on a VLAN?  (I.e., does
> it have a VLAN header?)

Forgive my ignorance, I'm not sure how to check for a VLAN header,

In Wireshark or TShark, in the packet detail pane, there will be an"802.1Q Virtual LAN" entry below "Ethernet II" and above "InternetProtocol" for a packet with a VLAN header. (Or maybe more than one"802.1Q Virtual LAN" header for a VLAN inside a VLAN, etc., but that'sprobably rarer.)


(Also, this is TCP over IPv4, not TCP over IPv6, right?)

References:
- [Wireshark-users] capture filters
  - From: Witton, David
- Re: [Wireshark-users] capture filters
  - From: Guy Harris
- Re: [Wireshark-users] capture filters
  - From: Witton, David
- Re: [Wireshark-users] capture filters
  - From: Guy Harris
- Re: [Wireshark-users] capture filters
  - From: Witton, David

Prev by Date: Re: [Wireshark-users] capture filters
Previous by thread: Re: [Wireshark-users] capture filters
Index(es):
- Date
- Thread