This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Wireshark not capturing packets where tpc.src==my.ip.addr

0

I have checked filters and options to resolve the problem. I do not see HTTP URI requests from my system nor do I see ACKs from my machine. When I filter tpc.src==10.72.xxx.xxx where 10.72.xxx.xxx is the IP addr of my system, no packets are listed. I have never experienced this problem before. Does anyone have any idea what is happening. I am using Windows7. I tried by 32- and 64-bit versions of Wireshark to resolve the problem.

asked 16 Nov '11, 16:19

b_lane's gravatar image

b_lane
1111
accept rate: 0%


One Answer:

1

There is no display filter called tpc.src. Perhaps you mean ip.src? When you enter a display filter, if the background color is red, it means the filter is invalid. The background should turn green when you have a valid filter.

But keep in mind that these are only display filters, meaning they don't dictate which packets are captured, only which of the already captured packets are displayed. So, if the valid display filter yields no matching packets, then you may have to modify your capture filter, and capture filter syntax is not the same as display filter syntax.

In case your filter was just a typo, there could be other reasons why you have no matching packets, such as capturing on the wrong interface. You might want to read through the CaptureSetup wiki page for more help.

answered 16 Nov '11, 17:56

cmaynard's gravatar image

cmaynard ♦♦
9.4k1038142
accept rate: 20%

edited 16 Nov '11, 18:01