Wireshark · Ethereal-users: Re: [Ethereal-users] Capture Filter on port - strange behavior

Ethereal-users: Re: [Ethereal-users] Capture Filter on port - strange behavior

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Ulf Lamping <ulf.lamping@xxxxxx>

Date: Thu, 05 May 2005 19:05:33 +0200

James Garrison wrote:

> Running on Windows XP SP2 with Ethereal versions
> 0.10.10 and WinPCap 3.0.
>
> If I provide the following capture filter:
>
>     port 25
>
> in order to capture an SMTP transaction, I see only
> packets with destination port 25 -- I.e. I see the
> the client's outgoing packets only.
>
> However, if I capture with NO filter specified, I see
> all packets, so I know WinPCap is capturing all the
> traffic.
>
> I also tried
>
>     src port 25 || dst port 25
>
> but the results were the same. This used to work
> just fine.  Has something changed or am I missing
> something?
>
> I also tried Ethereal 0.10.9 and WinPCap 3.1beta4 with
> the same results.
>
Hmmm, a capture filter is transparently transferred to the WinPcap
driver and the capture filtering is done there, so there's not a lot the
Ethereal team can do about it.

Do you have installed a firewall or Win XP SP2 or a new network card
recently which might caused this problem?

You might ask the WinPcap people about this...

Regards, ULFL

References:
- [Ethereal-users] Capture Filter on port - strange behavior
  - From: James Garrison

Prev by Date: [Ethereal-users] Capture Filter on port - strange behavior
Next by Date: Re: [Ethereal-users] how to know that tethereal has stopped running
Previous by thread: [Ethereal-users] Capture Filter on port - strange behavior
Next by thread: [Ethereal-users] Re: Capture Filter on port - strange behavior - SOLVED
Index(es):
- Date
- Thread