Interface name display [closed]

asked 2025-06-04 13:54:43 +0000

der Uhu

updated 2025-06-04 14:06:01 +0000

Hello, is it possible to capture the traffic from multiple interfaces into a file in such a way that the actual interface name is stored, so that when this file is viewed in Wireshark, the interface can be displayed for each packet, like in the console output of tcpdump? I tried to capture traffic with dumpcap and tshark with the -i any option, but it puts 'any' as the interface name for all packets!

Thanks!


Closed for the following reason: the question is answered, right answer was accepted by der Uhu
close date 2025-06-05 07:30:19.060116

1 Answer


answered 2025-06-04 16:30:51 +0000

cmaynard

Yes, you can capture on multiple interfaces and get the information you're seeking. Just don't capture on the any interface but rather selectively capture on whichever interfaces you're interested in.

In Wireshark, this is accomplished by either shift-clicking (or ctrl-clicking) the desired interfaces listed on the main page or within the Capture -> Options menu.

In tshark or dumpcap, this is accomplished by specifying repeated -i <interface> options for each interface you're interested in capturing on.

From the man pages:

-i|--interface <capture interface>|-

...

This option can occur multiple times. When capturing from multiple interfaces, the capture file will be saved in pcapng format.

The interface details will be available in the frame.interface_id, frame.interface_name and frame.interface_description fields.

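Added example (not part of the original answer and not Wireshark's code): a minimal Python reader for the pcapng format mentioned in the answer. It shows that each packet block carries an interface ID indexing the per-interface description blocks, which is where the name comes from. The interface names eth0/wlan0 and the sample bytes are constructed, and only little-endian sections are handled.

```python
import struct

SHB, IDB, EPB, IF_NAME = 0x0A0D0D0A, 1, 6, 2   # pcapng block types, if_name option code
def block(btype, body):
    """One little-endian pcapng block: type, total length, padded body, total length."""
    body += b"\x00" * (-len(body) % 4)
    return struct.pack("<II", btype, len(body) + 12) + body + struct.pack("<I", len(body) + 12)

def option(code, value):
    return struct.pack("<HH", code, len(value)) + value + b"\x00" * (-len(value) % 4)

def sample_capture(names, packets):
    """Constructed sample file: one IDB per name, one EPB per (interface_id, payload)."""
    out = block(SHB, struct.pack("<IHHq", 0x1A2B3C4D, 1, 0, -1))
    for name in names:   # fixed IDB fields: LINKTYPE_ETHERNET, reserved, snaplen
        out += block(IDB, struct.pack("<HHI", 1, 0, 65535) + option(IF_NAME, name.encode()) + option(0, b""))
    for iface, data in packets:
        out += block(EPB, struct.pack("<IIIII", iface, 0, 0, len(data), len(data)) + data)
    return out

def idb_name(body):
    """Walk the IDB options (they start after the 8 fixed bytes) and return if_name."""
    pos = 8
    while pos + 4 <= len(body):
        code, length = struct.unpack_from("<HH", body, pos)
        if code == IF_NAME:
            return body[pos + 4:pos + 4 + length].decode("utf-8", "replace")
        pos += 4 + length + (-length % 4)
    return None

def interface_per_packet(buf):
    """Return [(frame_number, interface_id, interface_name)] for each EPB."""
    names, rows, off = [], [], 0
    while off + 12 <= len(buf):
        btype, total = struct.unpack_from("<II", buf, off)
        if total < 12 or total % 4 or off + total > len(buf):
            raise ValueError("malformed block at offset %d" % off)
        body = buf[off + 8:off + total - 4]
        if btype == SHB:
            if struct.unpack_from("<I", body)[0] != 0x1A2B3C4D:
                raise ValueError("only little-endian sections are handled here")
            names = []                       # interface IDs restart in every section
        elif btype == IDB:
            names.append(idb_name(body))     # interface_id = order of appearance
        elif btype == EPB:
            iface = struct.unpack_from("<I", body)[0]
            rows.append((len(rows) + 1, iface, names[iface] if iface < len(names) else None))
        off += total
    return rows
```

On a real capture, the same per-packet mapping can be printed with tshark -r <file> -T fields -e frame.number -e frame.interface_name.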