ANNOUNCEMENT: Live Wireshark University & Allegro Packets online APAC Wireshark Training Session
April 17th, 2024 | 14:30-16:00 SGT (UTC+8) | Online
Wireshark logo

Wireshark-users: Re: [Wireshark-users] [Ubuntu-Wireshark1.2.2-SIP] I cannot see some packets with

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: ketzal devims <ketzaldevims@xxxxxxxxx>
Date: Tue, 22 Sep 2009 20:16:16 +0200
Hi all,

You were right, it's working now. thanks for your help
Best Regards

2009/9/21 Jaap Keuter <jaap.keuter@xxxxxxxxx>
Hi,

Wireshark is just the 'top of the foodchain' so to speak. Below that in libpcap
to do the capture. That is plugged into the OS'es network software, which itself
sits on top of network card driver software, which works with the cards'
firmware, which interacts with the network hardware.

As you see many pieces are involved. The Windows parts (network stack and
drivers) are not well known for their VLAN support. In Linux (Ubuntu uses the
Linux kernel) this is much better handled, even on the same hardware.

Thanx,
Jaap

ketzal devims wrote:
> But I'm using Wireshark exactly on the same computer.
> I removed Windows XP to put Ubuntu 9.04...
>
> Best regards
> Louis
>
> 2009/9/21 Jaap Keuter <jaap.keuter@xxxxxxxxx <mailto:jaap.keuter@xxxxxxxxx>>
>
>     Hi,
>
>     That depends on the network card, driver and network stack. Windows
>     is notorious
>     for not showing VLAN info. See
>     http://wiki.wireshark.org/CaptureSetup/VLAN
>
>     Thanx,
>     Jaap
>
>     ketzal devims wrote:
>      > Hi Stephen, I forgot a question:
>      >
>      > Why is there this problem on linux and not on Windows Wireshark
>     version?
>      >
>      > Best Regards
>      > Louis
>      >
>      > 2009/9/21 Stephen Fisher <steve@xxxxxxxxxxxxxxxxxx
>     <mailto:steve@xxxxxxxxxxxxxxxxxx>
>      > <mailto:steve@xxxxxxxxxxxxxxxxxx <mailto:steve@xxxxxxxxxxxxxxxxxx>>>
>      >
>      >
>      >     On Sep 21, 2009, at 1:14 PM, ketzal devims wrote:
>      >
>      >      > I’m able to see these packets without filter... Why can’t
>     I see them
>      >      > with th filter?
>      >      >
>      >      > Some friend told me it's a libpcap problem. The libpcap
>     version in
>      >      > my computer is 1.0.0-1 (almost the last one)
>      >      >
>      >      > What's going on??? I really don't understand.
>      >
>      >     A common cause of this seems to be when you have 802.1q VLAN tags
>      >     coming into the machine and being passed up into Wireshark.
>      If this
>      >     is the case, you would need to use "vlan and <your filter>".
>      >
>      >
>      >     Steve
>      >
>

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe

Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube