Wireshark · Ethereal-users: [Ethereal-users] Capture Filter on port

Ethereal-users: [Ethereal-users] Capture Filter on port - strange behavior

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: James Garrison <jhg@xxxxxxxxxxxxxxx>

Date: Thu, 05 May 2005 11:27:10 -0500

Running on Windows XP SP2 with Ethereal versions
0.10.10 and WinPCap 3.0.

If I provide the following capture filter:

	port 25

in order to capture an SMTP transaction, I see only
packets with destination port 25 -- I.e. I see the
the client's outgoing packets only.

However, if I capture with NO filter specified, I see
all packets, so I know WinPCap is capturing all the
traffic.

I also tried

	src port 25 || dst port 25

but the results were the same. This used to work
just fine.  Has something changed or am I missing
something?

I also tried Ethereal 0.10.9 and WinPCap 3.1beta4 with
the same results.

--
James Garrison                                Athens Group, Inc.
mailto:jhg@xxxxxxxxxxxxxxx                    5608 Parkcrest Dr
http://www.athensgroup.com                    Austin, TX 78731
PGP: RSA=0x92E90A3B DH/DSS=0x498D331C         (512) 345-0600 x150

Follow-Ups:
- Re: [Ethereal-users] Capture Filter on port - strange behavior
  - From: Ulf Lamping
- [Ethereal-users] Re: Capture Filter on port - strange behavior - SOLVED
  - From: James Garrison

Prev by Date: [Ethereal-users] problem with windows version 0.10.11-SVN-14302 of ethereal (was: problem with windows version of ethereal 10.10 on Windows)
Next by Date: Re: [Ethereal-users] Capture Filter on port - strange behavior
Previous by thread: Re: [Ethereal-users] creating a PCAP file from unencapsulated MTP3 traces
Next by thread: Re: [Ethereal-users] Capture Filter on port - strange behavior
Index(es):
- Date
- Thread