I have the wireshark Version 1.10.8 (v1.10.8-2-g52a5244 from master-1.10) running on a server. I have set the following arguments in the Wireshark shortcut link "C:\Program Files\Wireshark\Wireshark.exe" -i 6 -i 5 -f "port 2152" -k" I have no problem with this. When opening the shortcut, Wireshark starts automatically and captures on interface # 5, 6 and only packets with port 2152. But when I combine multiple ports in the capture filter arguments of Wireshark, this doesn't work. "C:\Program Files\Wireshark\Wireshark.exe" -i 6 -i 5 -f "port 2152 or port 2153" -k" When opening this shortcut, Wireshark starts automatically and captures ALL the packets on interface # 5, 6 and deosn't apply the capture filter. I stop the capture and go to the capture options and I see the capture options field with the filter I had in it. When I restart the capture now, the capture filter is applied. This behavior is the same with all possible combinations of filters. When having tow or more filters, I will always have to stop the capture and then go to the capture options just so that Wireshark will take the filter. Anybody seen this behavior ? asked 10 Jul '14, 12:19  Prask |
One Answer:
The order of the interfaces makes a difference on my system. Does not work (meaning shows ALL traffic):
Does work (meaning shows ONLY traffic on those ports):
Looks like a bug to me. Please file a bug report at https://bugs.wireshark.org Regards answered 10 Jul '14, 12:36  Kurt Knochner ♦ Hi Kurt, I tried your method..Still same result for me. Will report the bug. Thanks, Pras (10 Jul '14, 14:54) Prask |
Additional Notes:
I tested these combinations in the start-up arguments:
1 Interface and 1 Capture Filter = Works
1 Interface and 2 Capture Filters = Works
1 Interface and >3 Capture Filters = Works
2 Interfaces and 1 Capture Filter = Works
2 Interfaces and >2 Capture Filters = FAIL