I'm using Wireshark to sniff Ethernet interfaces on a Linux machine.
I noticed a couple of limitations that make life harder for me when it comes to interpreting the captures:
- When capturing on an individual Ethernet interface, the capture does not show packet direction: did the packet come in or out of the interface?
- When capturing on a bridge interface (as in,
brctl/ip link add XXX type bridge), the capture does not show which underlying interface received the packet.- For example, if the bridge includes interfaces
eth0andeth1, I'd like Wireshark to tell me if a given packet arrived oneth0or oneth1.
- For example, if the bridge includes interfaces
Is there any way to lift or otherwise work around these limitations?