This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

I wondered why Wireshark (I run 1.5 SVN Rev 35637) always stopped after the first octet (and usually after each other octet as well) whenever I entered a capture filter starting like "host 192.168.0.1", so I captured my PC with a second Wireshark while entering the filter in the first.

What I found was, that my PC (running Win7x64) tried to do a NBNS query for "192<00>", then another for "192.168<00>", then "192.168.0<00>" and finally "192.168.0.1<00>". Each query was repeated at least twice (with no answer coming in), taking about 800ms per try.

My question is: why does Wireshark do that, and what is THIS good for? It is really really annoying :-)

asked 26 Apr '11, 10:24

Jasper's gravatar image

Jasper ♦♦
23.8k551284
accept rate: 18%


That is due to the "capture filter syntax checking" that was introduced (by me actually). It is listed as bug 5356 on bugzilla and needs to be fixed :-)

permanent link

answered 27 Apr '11, 09:04

SYN-bit's gravatar image

SYN-bit ♦♦
17.1k957245
accept rate: 20%

Thanks, good to know :-)

(27 Apr '11, 09:06) Jasper ♦♦
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×1,620
×184
×15

question asked: 26 Apr '11, 10:24

question was seen: 3,866 times

last updated: 27 Apr '11, 09:06

p​o​w​e​r​e​d by O​S​Q​A