Revision history [back]
tshark strange behavior with capture filter
Hi,
I have some strange behavior of tshark:
On my PC, I'm executing tshark -i 5 port 1900 and I see some data.
On lab's PC, I'm executing tshark -i 5 port 1900 and I see some data. (interface #5 is internal network).
On lab's PC, I'm executing tshark -i 2and see all the stream including 224.1.1.1. Executing tshark -i 2 -f "port 30000" I don't see any data (port 30000 is one of the ports which is going alongside with 224.1.1.1).
Same for tshark -i 2 port 1900 -f "host 224.1.1.1" and tshark -i 2 port 30000
What I'm doing wrong?
P.S I'm working with Win7
EDIT: when I'm using display filter, I can see the data, but I'd like to use the capture filter in order to reduce some traffic handling. When I'm using same capture filter in wireshark - I have same issue like above
tshark strange behavior with capture filterbehavior
Hi,
I have some strange behavior of tshark:
On my PC, I'm executing tshark -i 5 port 1900 and I see some data.
On lab's PC, I'm executing tshark -i 5 port 1900 and I see some data. (interface #5 is internal network).
On lab's PC, I'm executing tshark -i 2and see all the stream including 224.1.1.1. Executing tshark -i 2 -f "port 30000" I don't see any data (port 30000 is one of the ports which is going alongside with 224.1.1.1).
Same for tshark -i 2 port 1900 -f "host 224.1.1.1" and tshark -i 2 port 30000
What I'm doing wrong?
P.S I'm working with Win7
EDIT: when I'm using display filter, I can see the data, but I'd like to use the capture filter in order to reduce some traffic handling.
When I'm using same capture filter in wireshark - I have same issue like abovehandling.
tshark strange behavior
Hi,
I have some strange behavior of tshark:
On my PC, I'm executing tshark -i 5 port 1900 and I see some data.
On lab's PC, I'm executing tshark -i 5 port 1900 and I see some data. (interface #5 is internal network).
On lab's PC, I'm executing tshark -i 2and see all the stream including 224.1.1.1. Executing tshark -i 2 -f "port 30000" I don't see any data (port 30000 is one of the ports which is going alongside with 224.1.1.1).
Same for tshark -i 2 port 1900 -f "host 224.1.1.1" and tshark -i 2 port 30000
What I'm doing wrong?
P.S I'm working with Win7
EDIT: when I'm using display filter, I can see the data, but I'd like to use the capture filter in order to reduce some traffic handling.
tshark strange behavior
Hi,
I have some strange behavior of tshark:
On my PC, I'm executing tshark -i 5 port 1900 and I see some data.
On lab's PC, I'm executing tshark -i 5 port 1900 and I see some data. (interface #5 is internal network).
On lab's PC, I'm executing tshark -i 2and see all the stream including 224.1.1.1. Executing tshark -i 2 -f "port 30000" I don't see any data (port 30000 is one of the ports which is going alongside with 224.1.1.1).
Same for tshark -i 2 port 1900 -f "host 224.1.1.1" and tshark -i 2 port 30000
What I'm doing wrong?
P.S I'm working with Win7
EDIT: when I'm using display filter, I can see the data, but I'd like to use the capture filter in order to reduce some traffic handling.