I'm trying to filter capture traffic. I want to see all LPD traffic to/from a particular printer. However, regardless of whether I use "host 220.127.116.11" or "tcp port 515", Wireshark captures only traffic originating from the printer; it doesn't capture traffic from the other side of the TCP connection.
When I capture with no capture filters, both Tx and Rx are captured.
I'm running v1.10.6 on Mac OS 10.9.2.
asked 17 Apr '14, 23:57
"How can I capture all the traffic" meaning "why am I seeing all the traffic with no filter" or "how can I use a filter and still see all the traffic"?
The answer to the first question is "there's no filter, so it just gives you the packets without testing them, so the VLAN headers don't matter."
The answer to the second question is "host 18.104.22.168 or (vlan and host 22.214.171.124)" or "tcp port 515 or (vlan and tcp port 515)".
answered 21 Apr '14, 16:32
Guy Harris ♦♦