graybad.blogg.se

Wireshark filter source port







Capture filter is not a display filter

Capture filters (like tcp port 80) are not to be confused with display filters (like tcp.port == 80). The former are much more limited and are used to reduce the size of a raw packet capture. The latter are used to hide some packets from the packet list. Capture filters are set before starting a packet capture and cannot be modified during the capture.

*Note: Only packets sent through the main router in B34 will be seen. If you have 2 devices on the same switch talking to each other you will NOT see the packets, as these packets will not be sent to the main router.

Remember, every time you perform a capture it will create a file in /tmp/ether*. Please remember to delete unwanted files.

I also already tried a different libpcap version (1.3.0-1), but that also did not help.

Now with the filter applied:

    $ sudo tshark -i eth0 "tcp port 1"
    0.000000 ::a -> ::c TCP 35982 > tcpmux Seq=4190420215 Ack=4138811225 Win=1024 Len=0 MSS=1460

Any clues how to debug this further? I will try to change the virtual network cards of the machines, maybe this helps.

So, yes, I'm sure that there's no VLAN or other things. Wireshark runs on one of the virtual machines. The communication I'm capturing is between two virtual machines on the same physical PC. It's the same output as you have, except that I specified port 1 in line 6.


That's my output from "compile BPF filter": (000) ldh

Also, are you sure your frames are not VLAN tagged (or encapsulated in PPPoE or something else)? Maybe there is a bug in your version of libpcap indeed. It should show something like this: (000) ldh







