This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Display filter not filtering

hey.

i'm trying to filter some specific result from 100K packets by mac addr. i can see the mac addr under "Source" and i even let wireshark filter for me (apply as filter>selected), and still when i press apply it shows nothing.

i.e "eth.src == 00:0c:43:44:a1:a5" (yes, I Tx over eth not wlan)

thx!

packet-display display-filter

asked 01 Jul '14, 02:58

AranZaiger
1●1●1●2
accept rate: 0%

One Answer:

If you apply the following filter on the sample capture file below, do you see any frames?

eth.src == 00:0a:95:67:49:3c

Sample capture file: http://wiki.wireshark.org/SampleCaptures?action=AttachFile&do=get&target=http_gzip.cap

Case #1:
If you see some frames, then something is wrong with your capture file or you chose the wrong mac address, or you are not using ethernet.

TODO: Please post a sample capture file that should contain the mac address you mentioned. You can post it on google drive, dropbox or cloudshark.org.

Case #2:
If you don't see any frames with the sample file, then something is wrong with your Wireshark installation.

TODO: Please post

OS and OS version
Wireshark version

Regards
Kurt

answered 01 Jul '14, 04:15

Kurt Knochner ♦
24.8k●10●39●237
accept rate: 15%

problame was half solved. worked when i used wlan.sa == <some mac="" addr="">

ty!

(01 Jul '14, 07:33) AranZaiger