Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

asked 2021-01-20 17:47:51 +0000

BMWE gravatar image

tshark strange behavior

Hi,

I have some strange behavior of tshark:

On my PC, I'm executing tshark -i 5 port 1900 and I see some data. On lab's PC, I'm executing tshark -i 5 port 1900 and I see some data. (interface #5 is internal network).

On lab's PC, I'm executing tshark -i 2and see all the stream including 224.1.1.1. Executing tshark -i 2 -f "port 30000" I don't see any data (port 30000 is one of the ports which is going alongside with 224.1.1.1). Same for tshark -i 2 port 1900 -f "host 224.1.1.1" and tshark -i 2 port 30000

What I'm doing wrong?

P.S I'm working with Win7

tshark strange behavior

Hi,

I have some strange behavior of tshark:

On my PC, I'm executing tshark -i 5 port 1900 and I see some data. On lab's PC, I'm executing tshark -i 5 port 1900 and I see some data. (interface #5 is internal network).

On lab's PC, I'm executing tshark -i 2and see all the stream including 224.1.1.1. Executing tshark -i 2 -f "port 30000" I don't see any data (port 30000 is one of the ports which is going alongside with 224.1.1.1). Same for tshark -i 2 port 1900 -f "host 224.1.1.1" and tshark -i 2 port 30000

What I'm doing wrong?

P.S I'm working with Win7

EDIT: when I'm using display filter, I can see the data, but I'd like to use the capture filter in order to reduce some traffic handling.

tshark strange behavior

Hi,

I have some strange behavior of tshark:

On my PC, I'm executing tshark -i 5 port 1900 and I see some data. On lab's PC, I'm executing tshark -i 5 port 1900 and I see some data. (interface #5 is internal network).

On lab's PC, I'm executing tshark -i 2and see all the stream including 224.1.1.1. Executing tshark -i 2 -f "port 30000" I don't see any data (port 30000 is one of the ports which is going alongside with 224.1.1.1). Same for tshark -i 2 port 1900 -f "host 224.1.1.1" and tshark -i 2 port 30000

What I'm doing wrong?

P.S I'm working with Win7

EDIT: when I'm using display filter, I can see the data, but I'd like to use the capture filter in order to reduce some traffic handling.

tshark strange behaviorbehavior with capture filter

Hi,

I have some strange behavior of tshark:

On my PC, I'm executing tshark -i 5 port 1900 and I see some data. On lab's PC, I'm executing tshark -i 5 port 1900 and I see some data. (interface #5 is internal network).

On lab's PC, I'm executing tshark -i 2and see all the stream including 224.1.1.1. Executing tshark -i 2 -f "port 30000" I don't see any data (port 30000 is one of the ports which is going alongside with 224.1.1.1). Same for tshark -i 2 port 1900 -f "host 224.1.1.1" and tshark -i 2 port 30000

What I'm doing wrong?

P.S I'm working with Win7

EDIT: when I'm using display filter, I can see the data, but I'd like to use the capture filter in order to reduce some traffic handling.handling. When I'm using same capture filter in wireshark - I have same issue like above