dumpcap dump ok, parallel Wireshark missing traffic

asked 2022-02-01 11:18:26 +0000

FrankM gravatar image

I am monitoring traffic from several vlans via mirror ports. in dumpcap I continuously log all (2) incoming mirror ports. There in dumpcap logs I can see all traffic. When I open in parallel a Wireshark window to look at live traffic on the same ports, then traffic from one of the 'vlans' is missing in Ws window. Meaning that traffic via the IP addresses of that vlan is not visible in Ws, where it is visible in dumpcap log... I am not aware of any capture or display filter being active to filter this traffic/IP's Could there be any 'hidden' filtering going on here? If so, how can I check?

edit retag flag offensive close merge delete