This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

I'm new to filters in wireshark. Any filter I try like tcp or http or ip clears all packets. I'm specifically trying to see only broadcasts with the filter eth.addr == ff:ff:ff:ff:ff:ff . Applying this filter clears all packets. When I remove the filter, I see all kinds of broadcast packets. I'm running wireshark 1.6.7 as root, capturing on wlan0.mon

asked 08 Jun '12, 07:33

jbagg's gravatar image

jbagg
6113
accept rate: 0%

edited 08 Jun '12, 07:34


If you're capturing on the wlan0.mon interface, then your packets are probably not Ethernet encapsulated, but IEEE 802.11 encapsulated. Try a filter of wlan.da == ff:ff:ff:ff:ff:ff instead, assuming that's the field you're interested in.

Remember that you can always left-click within the packet details pane on the field that you are interested in and see what the filter name is for that field in the status bar. You can also right-click on the field and choose either the "Apply as Filter" or "Prepare a Filter" options from the menu to avoid some extra typing.

permanent link

answered 08 Jun '12, 07:55

cmaynard's gravatar image

cmaynard ♦♦
9.4k1038142
accept rate: 20%

Thank you, wlan.addr works!

(08 Jun '12, 08:05) jbagg
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×40

question asked: 08 Jun '12, 07:33

question was seen: 2,041 times

last updated: 08 Jun '12, 08:05

p​o​w​e​r​e​d by O​S​Q​A