tshark filter options broken with Napatech NIC

When running tshark on a Napatech NIC, the host (and other) keywords do not work. We are using the libpcap that Napatech provides. Napatech seems to think it's a bug in the non-Napatech libpcap files.

Versions

  • RHEL 8.10
  • libpcap 1.10.4
  • tshark 2.6.2

Using grep, the packets are there:

[root@nspcapprd101 ~]# /usr/bin/tshark -i napa2 | grep 10.239.81.123
Running as user "root" and group "root". This could be dangerous.
Capturing on 'napa2'
34795 38185 0.088616101 10.239.81.123 → 10.41.177.39 UDP 66 2598 → 56164 Len=20
40795 46374 0.106482092 10.41.177.39 → 10.239.81.123 UDP 66 56164 → 2598 Len=20
106792 108290 0.283687032 10.239.81.123 → 10.41.177.39 UDP 77 2598 → 56164 Len=31

But using the host keyword, nothing is there for several minutes:

[root@nspcapprd101 ~]# /usr/bin/tshark -i napa2 host 10.239.81.123
Running as user "root" and group "root". This could be dangerous.
Capturing on 'napa2'
0 packets captured

Then running with grep again to make sure packets are still coming in:

[root@nspcapprd101 ~]# /usr/bin/tshark -i napa2 | grep 10.239.81.123
Running as user "root" and group "root". This could be dangerous.
Capturing on 'napa2'
22800 28556 0.098213558 10.239.81.123 → 10.41.177.39 UDP 76 2598 → 56164 Len=30
28799 29634 0.101830401 10.41.177.39 → 10.239.81.123 UDP 86 56164 → 2598 Len=40
29703 0.102196547 10.239.81.123 → 10.41.177.39 UDP 66 2598 → 56164 Len=20

The host keyword works on other interfaces on the server:

[root@nspcapprd101 lib]# /usr/bin/tshark -i eno2 host 192.168.12.22
Running as user "root" and group "root". This could be dangerous.
Capturing on 'eno2'

1 0.000000000 192.168.12.22 → 192.168.12.127 SNMP 154 get-request
2 0.001103924 192.168.12.22 → 192.168.12.127 SNMP 185 getBulkRequest 1.3.6.1.2.1.17.7.1.2.2.1.2.3046.232.106.100.118.61.14
3 0.057710947 192.168.12.22 → 192.168.12.127 SNMP 110 getBulkRequest
