Hi, i'm looking for solution, but i was not able to build a capable test case. Is wireshark able to capture and dissect packets in the following scenario: eth0 - this interface receives the "outgoing" packets eth1 - this interface receives the "incoming" packets basically they build up to one tcp stream, but the "replies" are always separated from the "requests". Both eth0 and eth1 are monitoring ports. Is wireshark able to capture and process the tcp-stream properly? Thanks asked 04 Mar '14, 07:16  Lachupe |
One Answer:
Yes, since Wireshark 1.8 you can capture on more than one interface, if you choose PCAPng as capture format. Each interface will be included in the capture file and each packet has an index to the interface it was captured on. You can see that index in the top section of the dissected packets. The TCP expert does not handle multiple interfaces independently, so if you capture as you've descriped it will just consider packets coming in on both interface as one tcp stream. answered 04 Mar '14, 07:43  Jasper ♦♦ |
Thank you!