At some point before a capture I added a capture filter in the capture options window (I don't recall that I ever saved the filter itself). After closing and reopening wireshark, the capture filter remains in the capture options window. I have removed wireshark (running on Windows XP), reinstalled, and the same filter still appears. I downgraded and upgraded wireshark versions with no luck- the filter remains. I've searched the registry but cannot find any reg entry that exist with this filter in it. I've copied cfilters from other systems, but that filter keeps showing up. Any ideas of how to get rid of it without reloading the OS?
asked 09 Mar '11, 11:15
Are you by any chance accessing the system you run Wireshark on remotely (by RDP or X over SSH)? In that case, Wireshark will fill in a default filter to not capture the RDP or SSH traffic. That's something built into Wireshark and it is not configurable (at the moment).
answered 09 Mar '11, 11:45