My partner and I are opening the same capture file without filtering, but we both have different information displayed on the screen. What is happening?

asked 01 Jun '12, 11:50 TecnoSaenz
edited 01 Jun '12, 12:26 multipleinte...

2 Answers:
There are a number of preference settings in Wireshark that can cause the information to be displayed differently. Some of the more common ones are:

- If one of you has network name resolution on and the other one has it off, one of you will see DNS names and the other one will see IP addresses.
- If one of you has transport name resolution on and the other one has it off, one of you will see TCP and UDP port names, the other one will see TCP and UDP port numbers.
- If one of you has MAC name resolution on and the other one has it off, one of you will see the OUI portion of the MAC address as a friendly name, the other one will see only numerical MAC addresses.
- If the two of you have your Time Display Format set differently, you will see different values in the Time column.
- If one of you has added any custom columns, he will see information that the other one does not.
- If one of you has rearranged your display columns, he will see the information laid out differently.
- If you have different settings for “Allow subdissector to reassemble TCP streams” the information will be presented differently.
- If you have different coloring rules, your packets may be colored differently.

These are just a few. There are many preferences that can cause information to be displayed differently. If you’re both opening the same capture file, then you should both be seeing the same bits. It’s a matter of how the information is displayed.

As @multipleinterfaces asked, what differences are you seeing?

answered 01 Jun '12, 13:59 Jim Aragon

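One way to find out which of these settings differ between two analysts is to compare their Wireshark preferences files. The script below is an added example, not part of the original answers; the two sample files are constructed, and it assumes the preferences format of `key: value` lines, `#` comment lines and indented continuation lines.

```python
import re

# Constructed sample preferences files for two analysts (not from the thread).
PREFS_A = """\
# Resolve addresses to names?
#nameres.network_name: FALSE
nameres.network_name: TRUE
nameres.mac_name: TRUE
tcp.desegment_tcp_streams: TRUE
gui.column.format: 
\t"No.", "%m",
\t"Time", "%t",
\t"Source", "%s"
"""
PREFS_B = """\
nameres.mac_name: TRUE
tcp.desegment_tcp_streams: FALSE
gui.column.format: 
\t"No.", "%m",
\t"Time", "%Yt",
\t"Source", "%s"
"""

KEY_LINE = re.compile(r"^([A-Za-z0-9_.\-]+):\s*(.*)$")

def parse_prefs(text):
    """Return {key: value}; '#' lines are comments, indented lines continue a value."""
    prefs, key = {}, None
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue  # blank line or comment (including commented-out defaults)
        if line[0] in " \t" and key is not None:
            prefs[key] = (prefs[key] + " " + line.strip()).strip()
            continue
        m = KEY_LINE.match(line)
        if m:
            key = m.group(1)
            prefs[key] = m.group(2).strip()
    return prefs

def diff_prefs(a_text, b_text):
    """Return {key: (value_a, value_b)} for differing settings; None means unset (default)."""
    a, b = parse_prefs(a_text), parse_prefs(b_text)
    return {k: (a.get(k), b.get(k)) for k in sorted(a.keys() | b.keys()) if a.get(k) != b.get(k)}

if __name__ == "__main__":
    for key, (va, vb) in diff_prefs(PREFS_A, PREFS_B).items():
        print(f"{key}\n  A: {va}\n  B: {vb}")
```

A setting reported with `None` on one side is absent from that file, so that analyst is running with the built-in default.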
Maybe your local DNS servers resolve IP addresses in the capture file to different names (RFC 1918 addresses). Disable name resolving and compare the results again.

Uncheck that option.

Regards

answered 01 Jun '12, 16:31 Kurt Knochner ♦
edited 01 Jun '12, 16:36

Are you both using the same version of Wireshark? Are your preferences set the same? What kind of differences are you seeing?