Ask Your Question
0

Is it possible to capture packets on all available interfaces simultaneously?

asked 2019-03-28 03:20:20 +0000

bluewolf1984 gravatar image

I am troubleshooting an issue where a proxy endpoint disconnects while switching interface from wireless to lan and vice-e-versa. While collecting logs from the endpoint I see that it tries to connect and download the PAC files but I do not capture them in the interfaces. I suspect that while the interfaces are switching some packets are getting logs or maybe routed over the wrong interface.

Is there a way to capture packets on 2 or more interfaces at the same time?

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted
1

answered 2019-03-28 04:12:48 +0000

Guy Harris gravatar image

Is there a way to capture packets on 2 or more interfaces at the same time?

If you select more than one interface in the Capture > Options dialog, and start a capture, it will capture on all of those interfaces simultaneously. Unfortunately, it appears that the selection mode is broken, so you can only select a contiguous set of interfaces, not just the interfaces you want. If you truly want to capture on all interfaces, that won't be an issue.

You might want to avoid capturing on every interface in the dialog, as that might involve capturing raw USB traffic (this is NOT necessary if one of the interfaces in the dialog happens to be a USB device, and will give you extra traffic that may just get in the way) or on one of the "extcap" devices, such as the "randpkt" device which just generates several random packets for testing purposes.

On Linux, there's also an "any" device on which you can capture; it will capture on all interfaces, including interfaces that don't exist yet. :-) For example, if a new adapter is plugged into the machine, an "any" capture will capture on that once it's attached to the networking stack.

edit flag offensive delete link more

Comments

Unfortunately, it appears that the selection mode is broken ...

The command-line capture tools, dumpcap or tshark can be used to specify specific interfaces, if needed, just use as many -i < capture interface > options as needed. Find out the available interfaces with dumpcap -D (or tshark -D).

cmaynard gravatar imagecmaynard ( 2019-03-28 16:15:07 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2019-03-28 03:20:20 +0000

Seen: 99 times

Last updated: Mar 28