itangir's profile - activity

2019-03-06 01:03:32 +0000 received badge Notable Question
2018-11-27 18:13:52 +0000 received badge Popular Question
2018-11-14 20:57:22 +0000 commented answer Capture Filters - What am I doing wrong?

Yeah, meant to be "or" there. I guess I just have to be extra careful when filtering with the "vlan" primitive.

2018-11-14 03:12:04 +0000 marked best answer Capture Filters - What am I doing wrong?

Guys, I know I'm not the sharpest tool in the crayon box but capture filters are really hanging me up from some constructive monitoring. I have a port mirror setup on a ProCurve uplink port going into yonder Windows 10 Wireshark computer. Things seem to work fine up until I try to use capture filters.

Here are a few examples:

Capture filter: vlan 70 or vlan 90
Expected behavior: Capture only frames with VLAN ID matching either 70 or 90
Actual behavior: Only VLAN 70 frames are captured
Sanity check: Captured without a filter and verified with a display filter that both can be captured, filtered

Capture filter: icmp
Expected behavior: Show pings, replies, and other ICMP traffic
Actual behavior: Ping requests are captured but replies are not
Sanity check: Capturing without a filter yields both requests and replies

Capture filter: not ip
Expected behavior: Capture only ARP, STP, and other L2 stuff
Actual behavior: TCP and UDP as far as the eye can see
Sanity check: Am insane

Hope someone can elucidate some of the troubles I'm having with getting some desired captures.

Edit1: Also, I have the latest Wireshark and WinPcap versions.
Edit2: Replaced "show(n)" with "capture(d)" where appropriate to be less confusing
Edit3: All traffic I'm trying to monitor is IPv4 and VLANs.

2018-11-14 03:12:04 +0000 received badge Scholar
2018-11-14 03:11:05 +0000 edited question Capture Filters - What am I doing wrong?

2018-11-14 03:10:03 +0000 commented answer Capture Filters - What am I doing wrong?

Addendum: All of this traffic is basically VLAN (except where untagged, etc.) and IPv4. Are you saying Wireshark is ill

2018-11-14 03:05:02 +0000 commented answer Capture Filters - What am I doing wrong?

Are you saying Wireshark is ill-suited for capturing on enterprise traffic? Or just filtering it at capture? Is there so

2018-11-14 03:04:40 +0000 commented answer Capture Filters - What am I doing wrong?

2018-11-13 23:29:22 +0000 edited question Capture Filters - What am I doing wrong?

2018-11-13 21:45:03 +0000 received badge Editor
2018-11-13 21:45:03 +0000 edited question Capture Filters - What am I doing wrong?

2018-11-13 21:43:20 +0000 asked a question Capture Filters - What am I doing wrong?