Ask Your Question

Revision history [back]

Information about ingress/egress network interface in captures

I'm using Wireshark to sniff Ethernet interfaces on a Linux machine.

I noticed a couple of limitations that make life harder for me when it comes to interpreting the captures:

  • When capturing on an individual Ethernet interface, the capture does not show packet direction: did the packet come in or out of the interface?
  • When capturing on a bridge interface (as in, brctl/ip link add XXX type bridge), the capture does not show which underlying interface received the packet.
    • For example, if the bridge includes interfaces eth0 and eth1, I'd like Wireshark to tell me if a given packet arrived on eth0 or on eth1.

Is there any way to lift or otherwise work around these limitations?