Wireshark-users: Re: [Wireshark-users] dumpcap -f question [Re: Can I get Wireshark to capture co

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Tue, 24 Aug 2010 17:22:56 -0700

On Aug 24, 2010, at 4:52 PM, Gregorio Tomas Focaccio wrote:

> The documentation I found for dumpcap did not say what happens if the -f filter argument is left off the dumpcap command.  Do you know what happens?

It does no filtering - every packet that gets handed by the lower levels of the OS (device driver, maybe lower levels of the networking stack before, for example, IP) to the packet capture mechanism (and doesn't get dropped by the packet capture mechanism because its buffer fills up) gets passed on to libpcap/WinPcap, and gets written to a file by dumpcap.

(The same is true of tcpdump, BTW.)