Hi Guy, is this also means that there is no way today to display or filter packets based on the interface they have been captured? /Tamas
-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Guy Harris
Sent: Tuesday, June 26, 2012 23:26
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] Wireshark V1.8.0 - analysing dual NIC capture
On Jun 26, 2012, at 1:56 PM, Jeff Morriss wrote:
> Pretty much, yes. The intent (I think) was just to allow capturing on
> 2 interfaces simultaneously (rather than having to run 2
> Wiresharks/dumpcaps and then merge the traces offline).
>
> But nothing was added to separate out potentially-duplicated traffic.
> (The use case is more for multi-homed hosts.)
Yes. Not all ways you can perform multi-interface capture are necessarily *useful*. Think of it as being similar to the "any" device on Linux (the differences are that
1) you can control options on individual interfaces separately;
2) the interfaces can supply different link-layer header types;
3) you have to specify the list of interfaces when you start the capture).