
Revision history

Capture filter not filtering anything

Hi there, I'm trying to capture traffic between two sets of two endpoints.

Endpoint group 1 capture filter: ether src 00:10:7f:ae:71:81 or ether dst 00:10:7f:ae:71:81 or ether src 00:10:7f:b0:96:47 or ether dst 00:10:7f:b0:96:47

I run this for about 1 minute and it produces a reasonably sized capture file that doesn't crash Wireshark.

Endpoint group 2 capture filter: ether src 00:10:7f:aa:b6:f0 or ether dst 00:10:7f:aa:b6:f0 or ether src 00:10:7f:ae:fd:07 or ether dst 00:10:7f:ae:fd:07

Within 10 seconds the capture file is about 15 GB. Wireshark does not handle this and crashes.

In both cases I'm only sending 2 interfaces to the SPAN port. The endpoints are Crestron NVX modules sending a mixture of traffic but mostly UDP multicast.

What I'm not understanding about either capture filter is that I'm still capturing traffic from other devices, even though I've specified that I only want to capture traffic to or from 2 specific devices.

Capture filter not filtering anything

Hi there, I'm trying to capture traffic between two sets of two endpoints.

Endpoint group 1 capture filter:

ether src 00:10:7f:ae:71:81 or ether dst 00:10:7f:ae:71:81 or ether src 00:10:7f:b0:96:47 or ether dst 00:10:7f:b0:96:47

I run this for about 1 minute and it produces a reasonably sized capture file that doesn't crash Wireshark.

Endpoint group 2 capture filter:

ether src 00:10:7f:aa:b6:f0 or ether dst 00:10:7f:aa:b6:f0 or ether src 00:10:7f:ae:fd:07 or ether dst 00:10:7f:ae:fd:07

Within 10 seconds the capture file is about 15 GB. Wireshark does not handle this and crashes.

In both cases I'm only sending 2 interfaces to the SPAN port. The endpoints are Crestron NVX modules sending a mixture of traffic but mostly UDP multicast.

What I'm not understanding about either capture filter is that I'm still capturing traffic from other devices, even though I've specified that I only want to capture traffic to or from 2 specific devices.