With a capture filter on a remote interface, where does the filtering occur? Also, how are the packets transmitted?

asked 2019-05-06 12:34:18 +0000

FB

updated 2019-05-06 16:37:44 +0000

SYN-bit

When I set a capture filter in Wireshark:

  1. Are packets filtered at the application or at the interface? In other words, when the capture filter is set, is the application dropping the packets or is Wireshark telling the interface to send only certain packets?
  2. Also, are packets sent to Wireshark as compressed data?

I want to perform packet capture on a remote device on my network, and I am trying to understand how this will affect traffic on my network. For question 1, if the filtering was done by the interface (or device), the amount of data sent over the network due to the remote capture would be smaller than if the filtering was done by the application. For question 2, I am trying to understand how much more traffic I am generating by starting a remote capture. Am I effectively doubling the traffic?

1 Answer

answered 2019-05-06 17:17:30 +0000

grahamb

I'm assuming that you're using rpcapd for remote capture.

  1. The capture filter is applied by the capturing library at the capture point, so for a remote capture it's applied on the remote device, and only packets that comply with the filter will be transmitted.
  2. The capture data isn't compressed, and is in fact larger than the original traffic as there is additional metadata, e.g. the per packet timestamp.


You are correct. I am using rpcapd. Thank you for your answers. That's exactly what I needed to know.

FB ( 2019-05-06 17:28:09 +0000 )
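
A rough way to size the extra traffic the answer describes, as an added example that is not part of the original thread or of the rpcapd code. It assumes each forwarded packet carries an 8-byte message header plus a 20-byte per-packet header (timestamp, captured length, original length, packet number) and that message type 7 marks a packet; check the rpcap protocol header in the libpcap source for the authoritative layout. The sample traffic is constructed.

```python
import struct

# Assumed framing (a simplified model, not taken from the thread): an 8-byte
# message header plus a 20-byte per-packet header in front of every frame.
MSG_HDR = struct.Struct("!BBHI")    # version, type, value, payload length
PKT_HDR = struct.Struct("!IIIII")   # ts sec, ts usec, caplen, len, packet no.
MSG_TYPE_PACKET = 7                 # assumed type code for a packet message
PER_PACKET_OVERHEAD = MSG_HDR.size + PKT_HDR.size


def frame_packet(frame: bytes, ts_us: int, seq: int) -> bytes:
    """Wrap one captured frame as the remote side would before sending it."""
    sec, usec = divmod(ts_us, 1_000_000)
    body = PKT_HDR.pack(sec, usec, len(frame), len(frame), seq) + frame
    return MSG_HDR.pack(0, MSG_TYPE_PACKET, 0, len(body)) + body


def remote_capture_bytes(packets, capture_filter=None) -> int:
    """Capture-stream bytes when the filter runs on the remote device.

    Excludes the TCP/IP headers of the connection that carries the stream.
    """
    sent, seq = 0, 0
    for ts_us, dst_port, frame in packets:
        if capture_filter is not None and not capture_filter(dst_port):
            continue  # dropped at the capture point, never transmitted
        seq += 1
        sent += len(frame_packet(frame, ts_us, seq))
    return sent


# Constructed sample traffic: (timestamp in microseconds, dst port, frame).
SAMPLE = (
    [(1557146058_000000 + i, 443, bytes(1514)) for i in range(100)]
    + [(1557146059_000000 + i, 443, bytes(60)) for i in range(100)]
    + [(1557146060_000000 + i, 53, bytes(90)) for i in range(20)]
)


def summary(packets=SAMPLE) -> dict:
    """Compare original traffic with unfiltered and port-53-only capture."""
    return {
        "original": sum(len(frame) for _, _, frame in packets),
        "unfiltered": remote_capture_bytes(packets),
        "port53_only": remote_capture_bytes(packets, lambda port: port == 53),
    }


if __name__ == "__main__":
    print(summary())
```

Under these assumptions an unfiltered remote capture adds slightly more than one extra copy of the captured traffic, and the fixed per-packet overhead weighs most on small frames.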

Asked: 2019-05-06 12:34:18 +0000

Seen: 40 times

Last updated: May 06