Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-users: Re: [Wireshark-users] capture filters

From: "Witton, David" <dwitton@xxxxxxxxxxxxxxxxx>
Date: Mon, 31 Dec 2007 16:23:56 -0700
Thanks - I hadn't used the FAQs before - great resource.

In an unfiltered capture, I am seeing quite a bit of TCP traffic (>90%), most of it involving machines other than the one I'm running Wireshark on. That doesn't seem to match the case described in the FAQ below - or am I wrong?

David Witton
Director, Information Systems
St. John's Medical Center
307.739.7383


-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Guy Harris
Sent: Monday, December 31, 2007 2:49 PM
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] capture filters

Witton, David wrote:

> I'm selecting a host with a known amount of TCP traffic, but the capture
> only includes ARP packets, no TCP. What am I doing wrong?

        http://www.wireshark.org/faq.html#q7.3

        http://www.wireshark.org/faq.html#q7.2
_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-users

Confidentiality Notice: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please notify the sender by reply e-mail and destroy all copies of the original message. Thank you for your cooperation.