With a capture filter on a remote interface, where does the filtering occur? Also, how are the packets transmitted?

asked 2019-05-06 12:34:18 +0000

FB
3 ●1 ●1 ●3

updated 2019-05-06 16:37:44 +0000

SYN-bit

18528 ●9 ●339 ●255 https://SYN-b.it

When I set a capture filter in Wireshark:

Are packets filtered at the application or at the interface? In other words, when the capture filter is set, is the application dropping the packets or is Wireshark telling the interface to send only certain packets?
Also, are packets sent to Wireshark as compressed data?

I want to perform packet capture on a remote device on my network, and I am trying to understand how this will affect traffic on my network. For question 1, if the filtering was done by the interface (or device), the amount of data sent over the network due to the remote capture would be smaller than if the filtering was done by the application. For question 2, I am trying to understand how much more traffic I am generating by starting a remote capture. Am I effectively doubling the traffic?

edit retag flag offensive close merge delete

add a comment

Comments

You are correct. I am using rpcapd. Thank you for your answers. That's exactly what I needed to know.

FB ( 2019-05-06 17:28:09 +0000 )edit

add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

With a capture filter on a remote interface, where does the filtering occur? Also, how are the packets transmitted?

1 Answer

Comments

Your Answer

Question Tools

Stats

Related questions

With a capture filter on a remote interface, where does the filtering occur? Also, how are the packets transmitted? edit

1 Answer

Comments

Your Answer

Question Tools

Stats

Related questions

With a capture filter on a remote interface, where does the filtering occur? Also, how are the packets transmitted?