0

Information about ingress/egress network interface in captures

asked 2024-02-03 11:41:50 +0000

[email protected]
1

I'm using Wireshark to sniff Ethernet interfaces on a Linux machine.

I noticed a couple of limitations that make life harder for me when it comes to interpreting the captures:

When capturing on an individual Ethernet interface, the capture does not show packet direction: did the packet come in or out of the interface?
When capturing on a bridge interface (as in, brctl/ip link add XXX type bridge), the capture does not show which underlying interface received the packet.
- For example, if the bridge includes interfaces eth0 and eth1, I'd like Wireshark to tell me if a given packet arrived on eth0 or on eth1.

Is there any way to lift or otherwise work around these limitations?

edit retag flag offensive close merge delete

Comments

One option is to capture on eth0 and eth1 simultaneously as separate interfaces, instead of capturing on the bridge interface. Then (when using pcapng, as is the default currently) the interface is indicated in the frame protocol.

johnthacker ( 2024-02-03 17:40:48 +0000 )edit

Be the first one to answer this question!

Please start posting anonymously - your entry will be published after you log in or create a new account.

Question Tools

1 follower

Stats

Asked: 2024-02-03 11:41:50 +0000

Seen: 145 times

Last updated: Feb 03

Related questions

Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.

Powered by Askbot version 0.10.2