I just finished a packet capture. I'm trying to save an I/O Graph with bandwidth usage information. During the packet capture, I set some filters. The view filter I set in the packet list view during capture is The capture is taking place from a different host than 10.149.21.79, so there's a lot of other packets captured. For the I/O Graph I'm trying to create of traffic coming from 10.149.21.79 I want to filter out all other traffic. I created some filters to use in the I/O Graph tool (same ones worked in the previous version of Wireshark) And so on. Even though the bandwidth usage is completely different between icmp traffic and the traffic I'm capturing from port 5678, the graph remains identical. This issue started since I installed the new version 2.0.1 this morning. I could try and set capture filters, but that would mean I have to perform three or more captures Have there been changes in the filter mechanism or is this a bug? asked 04 Jan '16, 00:50  amx edited 04 Jan '16, 00:52 |
One Answer:
Seems to work for me. I'm presuming you are using the Qt version, not the legacy GTK version? Can you provide a capture file in a public share somewhere, e.g. Google Drive, Dropbox etc.? answered 04 Jan '16, 02:53  grahamb ♦ |
I'm not 100% sure, but I checked the About section in Wireshark and it says it's compiled with QT.
https://www.hidrive.strato.com/lnk/34grm4j4
I included a capture with traffic between localhost and 10.149.21.79. there is 21% SSH traffic, but I still cannot exclude that traffic in the I/O graph
Never mind.
This was a user error.
I did not check the columns correctly, and was filling in the display filter in the Name column.
Obviously it's working now.
It was not a Wireshark problem, thanks for helping anyway Graham!
I've created the graph showing the total traffic, icmp, port 5678 and ssh to\from the host. Looks OK to me.