THIS IS A TEST INSTANCE. Feel free to ask and answer questions, but take care to avoid triggering too many notifications.
Ask Your Question
0

Is it possible to capture packets on all available interfaces simultaneously?

I am troubleshooting an issue where a proxy endpoint disconnects while switching interface from wireless to lan and vice-e-versa. While collecting logs from the endpoint I see that it tries to connect and download the PAC files but I do not capture them in the interfaces. I suspect that while the interfaces are switching some packets are getting logs or maybe routed over the wrong interface.

Is there a way to capture packets on 2 or more interfaces at the same time?

bluewolf1984's avatar
1
bluewolf1984
asked 2019-03-28 03:20:20 +0000
edit flag offensive 0 remove flag close merge delete

Comments

add a comment see more comments

2 Answers

1

Is there a way to capture packets on 2 or more interfaces at the same time?

If you select more than one interface in the Capture > Options dialog, and start a capture, it will capture on all of those interfaces simultaneously. Unfortunately, it appears that the selection mode is broken, so you can only select a contiguous set of interfaces, not just the interfaces you want. If you truly want to capture on all interfaces, that won't be an issue.

You might want to avoid capturing on every interface in the dialog, as that might involve capturing raw USB traffic (this is NOT necessary if one of the interfaces in the dialog happens to be a USB device, and will give you extra traffic that may just get in the way) or on one of the "extcap" devices, such as the "randpkt" device which just generates several random packets for testing purposes.

On Linux, there's also an "any" device on which you can capture; it will capture on all interfaces, including interfaces that don't exist yet. :-) For example, if a new adapter is plugged into the machine, an "any" capture will capture on that once it's attached to the networking stack.

Guy Harris's avatar
19.9k
Guy Harris
answered 2019-03-28 04:12:48 +0000
edit flag offensive 0 remove flag delete link
more

Comments

Unfortunately, it appears that the selection mode is broken ...

The command-line capture tools, dumpcap or tshark can be used to specify specific interfaces, if needed, just use as many -i < capture interface > options as needed. Find out the available interfaces with dumpcap -D (or tshark -D).

cmaynard's avatar cmaynard (2019-03-28 16:15:07 +0000) edit
more
  • delete
add a comment see more comments
0

Hold CTRL while you select interaces.

e-euler's avatar
1
e-euler
answered 2021-08-13 01:49:04 +0000
edit flag offensive 0 remove flag delete link
more

Comments

add a comment see more comments

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account. This space is reserved only for answers. If you would like to engage in a discussion, please instead post a comment under the question or an answer that you would like to discuss.

Add Answer