Witton, David wrote:
In an unfiltered capture, I am seeing quite a bit of TCP traffic
(>90%), most of it involving machines other than the one I'm running
Wireshark on.
Most, or all? I.e., in an unfiltered capture, are you seeing TCP
traffic to and from the machine running Wireshark?
That doesn't seem to match the case described in the FAQ
below - or am I wrong?
That sounds like a different case.
What OS are you running on the machine doing the capture? And what type
of network adapter are you capturing on?
And, if this is on Ethernet, are you using VLANs? If so, is the TCP
traffic to and from the host running Wireshark on a VLAN? (I.e., does
it have a VLAN header?)