This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

does anybody know if there is traffic that Wireshak can`t capture, I mean, you don't see this traffic in the program.

asked 18 Feb '15, 13:02

Pim's gravatar image

Pim
11334
accept rate: 0%


Wireshark can't capture anything....

It uses dumpcap to do the capture for it. How does dumpcap do it? Well, it uses the libpcap library (as applicable for the platform) capabilities to capture traffic.

How does libpcap do it? As said, depending on the platform, it latches on to the network stack and gets its packets from there. This means NDIS5 on Windows, it means (ever more capable) (packet) socket on Un*x like platforms, etc.

So, any traffic that is not passing via a path that libpcap can latch on to cannot be captured.

permanent link

answered 19 Feb '15, 04:13

Jaap's gravatar image

Jaap ♦
11.7k16101
accept rate: 14%

Thanks a lot Jaap but could you give some type of traffic that is not passing via a path that libpcap can latch on? and with this type of traffic in wireshark you don't see anything, no?

(21 Feb '15, 10:35) Pim

Nothing much really. Traffic going directly onto an bus that's not serviced by the network stack come to mind. Eg. traffic on an I2C bus probably won't show up on an interface that libpcap can select. But the relevance of such interface as an network interface is questionable. Still it could be doen given the right hardware. Look at DECT for instance. Not something available in stock network capture, but with the right hardware it can be captured, and readily decoded in Wireshark.

(23 Feb '15, 04:33) Jaap ♦

If the reason for the question is that you think that you ought to see some tarffic that you are not seeing chanses are that there's something wrong with your capture setup or if you are expecting protocol foo but only seeing UDP/TCP that some preference needs tuning. If you try to describe what you think arte missing we might be able to help you further.

(23 Feb '15, 04:57) Anders ♦

He, we're tracking into the wilderness here, into uncharted territories ;) But I guess you're right; @Pim: what did you expect to see?

(23 Feb '15, 08:20) Jaap ♦
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×115
×2

question asked: 18 Feb '15, 13:02

question was seen: 2,982 times

last updated: 23 Feb '15, 08:20

p​o​w​e​r​e​d by O​S​Q​A