Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

answered 2023-10-08 07:47:40 +0000

Guy Harris gravatar image

If I set the packets under the respective error filter to Ignore, does this go into the network or is this ignored in the *.pcapng, only?

The only option I see to "ignore" packets, using the word "Ignore" in the menu item, is the "Ignore/Unignore packet" option, which will toggle the "ignore this packet" option on all of the currently selected packets.

It does NOT affect those packets on the network, because it's too late to affect them. Those packets are in the Wireshark capture you have open because Wireshark, or some other program, has seen them on the network; they've already been sent by some host on the network, and setting them to be ignored will not prevent them from being sent, as they have already been sent, and will not prevent them from being received by the host on which Wireshark is running or on any other host.

(I'm not sure what "under the respective error filter" means - if by "the respective error filter" you mean the filter that you have applied to the capture, it makes no difference. You can ignore them even if there's no filter in effect.)

So it's ignored by Wireshark in this session, but, if you quit Wireshark and then re-open the capture, those packets will not be marked as "to be ignored" - that information isn't saved in the capture.

What does ignoring a packet do?

It causes Wireshark to set an "ignored" flag for the packet in an internal Wireshark data structure, and then to re-dissect all packets in the capture and, for all of the packets marked as "ignored", does no dissection of the packet's contents, it just displays it as "ignored".

Is there an option to ignore error paket's permanently?

No.

How can I prevent myself from always receiving the same error packets over the network?

If you mean "how do I prevent Wireshark from receiving those packets", the answer is "use a capture filter that filters out those packets".

However, that will NOT prevent those packets from being sent on your network. Wireshark is a packet analyzer, not a firewall or a generic "network problem fixer".

If you don't want those packets to be sent on your network, you need to fix whatever problem or problems are causing them to be sent.

Why do I have to do the manual with Wireshark, isn't it automatic? Should my firewall OPNsense do this?

It depends on what type of "error packets" you're talking about.

If, for example, you type some invalid URL, such as http://www.wireshark.org/this_page_does_not_exist.html, into your browser, and try to fetch that page, you will get back an HTTP 404 error page saying that page does not exist.

That 404 error page could be considered an "error packet", as it's reporting an HTTP error. However, it would be inappropriate for a firewall to block that packet, as it reports an error that you would want to see.

It would probably be considered appropriate, however, for a firewall to reject, for example, a valid HTTP response that delivers a JPEG that is known to cause some JPEG viewers to crash, or worse, to execute arbitrary code. That's not an "error" packet, but it's a packet that contains malware.

So what type of "error packets" are these?

What does it actually depend on which packages I receive?

It depends primarily on:

  • whether the packet is sent to your host, rather than to some other host;
  • whether there are network routes known to the hosts between the machine that sent the packet and your machine such that each of those machines knows what the next host to send the packet to is and such that the attempt to send the packet to that host will succeed;
  • whether any of those hosts simply discard the packet, for any reason - that might include a firewall that drops the packet, but it might be another host over which you have no direct control;
  • whether the attempt to send the packet to another host along the route fails for some reason.

(I don't know what a "personal aura" would be, but, when I see that term used, it generally refers to an entity that does not appear to have any direct way of affecting networking equipment, so I suspect it's very unlikely to make a difference.)

I've probably done a lot of things wrong with packets. Now I just came up with the idea of ignoring all TCP packets and did it! I don't even understand what TCP means !?!! Basically, I just don't want the network packets to get on my nerves anymore! Is it possible to ignore TCP packets all the time?

Some firewalls might be able to drop all TCP packets, but, if they were to do so, you would not be able to do much of anything on the Internet, such as viewing much of anything in your browser, reading your email, listening to some music/podcasts/etc., watching some videos, using most messaging services, etc.. A very large number of Internet services use TCP as one of the lower networking layers. Some others use UDP, but if you were to block both TCP and UDP, you would be blocking 99.999999999999999999999999% of Internet traffic, which you could also do more easily by cancelling your Internet service.