Wireshark-users: Re: [Wireshark-users] Basic question about Wireshark

From: "Frank Walter" <francwalter@xxxxxxx>
Date: Tue, 26 Jul 2011 07:44:44 +0200
Hm. No, this didn't work.
But when I set 'Capture Filter:' to "No Broadcast and no Multicast" in the "Wireshark: Capture Options" Dialog it works.
No more broadcast packets are shown.
Now I discovered that I have all those packets from other wifi networks in my list.
How can I filter them out?

And still the decryption of the packets of my wifi network doesn't work at all.
http://www.wireshark.org/lists/wireshark-users/201107/msg00071.html

It gives no sense to capture my network without decrypting it.
I think I just give it up, my last hope is the Neowin Developer, Robert Wright, who wrote the article about Wireshark on Macbook with decryption. 
I sent him an email.

Thank you anyway.

Kind regards, 

Frank Walter 


> -----Ursprüngliche Nachricht-----
> Von: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx]
> Im Auftrag von Andreas
> Gesendet: Montag, 25. Juli 2011 21:44
> An: wireshark-users@xxxxxxxxxxxxx
> Betreff: Re: [Wireshark-users] Basic question about Wireshark
> 
> Am 24.07.2011 19:39, schrieb Frank Walter:
> > OK, this is clear now. Thank you!
> >
> > Now I used my MacBook laptop to do wireless sniffing in monitor mode with Wireshark
> 1.6.1.
> > I see many, many packets with Destination "Broadcast" (ff:ff:ff:ff:ff:ff).
> > When I try to set a filter that all those Broadcast-packets are omitted, it ends only in
> an empty list.
> > I tried:
> >
> > eth.dst != ff:ff:ff:ff:ff:ff
> >
> > but also with eth.dst == ff:ff:ff:ff:ff:ff
> >
> > the result is empty. I don't know how to call the Destination, the context-menu "Apply
> as filter / Selected" gives me the wrong name (eth.dst).
> >
> > What is it?
> 
> Both display filters
>    eth.dst != ff:ff:ff:ff:ff:ff
>    eth.dst!=ff:ff:ff:ff:ff:ff
> work for me (Wireshark 1.6.0). Are you sure you have broadcast and
> not-broadcast packets.
> 
> Anyway you should use
>    !(eth==ff:ff:ff:ff:ff:ff)
> to exclude broadcast.
> 
> 
> ___________________________________________________________________________
> Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
> Archives:    http://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>              mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe