A recent thread on wireshark-users brought up a quesiton as to why the
capture filter is sometimes filled in automatically. It is referring to
the code in /util.c that detects if the user is connecting remotely and
it removes that traffic via the capture filter.
I regularily SSH into a box and then set my X11 DISPLAY variable so that
wireshark / other programs will continue running even when I close my
SSH session (I always accidently kill my SSH session, thus bringing
down X11 fowarding). This means that the code detects my SSH variables
and sets up that capture filter and skips the X11 one because they are
each in if() else statements. I need it to block the X11 one only (or
both). How about we change the code to allow this? I can do it if
anyone agrees.
Steve