Wireshark · Ethereal-users: Re: [Ethereal-users] TCP Filter problem

Ethereal-users: Re: [Ethereal-users] TCP Filter problem

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Ulf Lamping <ulf.lamping@xxxxxx>

Date: Fri, 27 May 2005 15:59:23 +0200

Ron Apuzzo wrote:

>
> I downloaded the latest ethereal version 0.10.11 today. I can see all
> TCP and other traffic fine. Then I tried to put in a very simple
> filter "tcp port 23" and tried to telnet from host A(ethereal host) to
> host B. The result is only traffic from host A->B(23) was captured but
> not from B(23)->A. Promiscuous mode was turned off.
>
> When I tried other TCP ports, same result! it never captured incoming
> traffic to the host running ethereal. Again with no filter I would see
> traffic from both directions which makes me believe that this is the
> problem of ethereal filtering. This is 100% reproducable.
>
> Any hints or suggestions that I could try? I just want to capture
> traffic from A:xxxx <-> B:fixed_port but I want to capture both ways.

As you didn't mention -- the "tcp port 23" looks like a capture filter.

The capture filters are transferred directly to the underlying
libpcap/WinPcap, Ethereal is (and can) nothing do against it.

You may use a different libpcap/WinPcap and/or network card which
behaves differently than before.

Regards, ULFL

Follow-Ups:
- Re: [Ethereal-users] TCP Filter problem
  - From: Ron Apuzzo

References:
- [Ethereal-users] TCP Filter problem
  - From: Ron Apuzzo

Prev by Date: Re: [Ethereal-users] Slightly OT: Time precision
Next by Date: Re: [Ethereal-users] TCP Filter problem
Previous by thread: [Ethereal-users] TCP Filter problem
Next by thread: Re: [Ethereal-users] TCP Filter problem
Index(es):
- Date
- Thread