Wireshark-users: Re: [Wireshark-users] question about exporting/filtering files

From: Richard Bejtlich <taosecurity@xxxxxxxxx>
Date: Wed, 2 Dec 2009 14:48:13 -0500
On Wed, Dec 2, 2009 at 2:35 PM, Gerald Combs <gerald@xxxxxxxxxxxxx> wrote:
> Richard Bejtlich wrote:
>
>> Any rationale for why the display filter can be used to limit -w to
>> only the packet of interest when used with -r , but not when doing
>> live capture?
>
> It's a by-product of privilege separation, and is a bug:
>
> https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2234

I see -- very interesting!  Thank you!

Richard