This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

required hardware for capture filter

0

I've been trying to setup Wireshark (V1.6.2) capture filter at different windows systems and failed. At one particular PC I used 3 different network adapters. One of them (Intel PRO/1000 PL) worked (example of capture filter: port 5060 or port 53), two others (Realthek RTL8139 and VIA Rhine III) using the same filter failed (Wireshark does not capture anything). Everything else works without problems using these adaptors. For me it seems that there are certain requirements the network adaptor has to comply with, to support Capture Filters with Wireshark. Can anybody tell which are those?

asked 14 Nov '11, 03:44

rolstein's gravatar image

rolstein
6334
accept rate: 0%


One Answer:

1

Look into vlans...

This post explains that.

answered 14 Nov '11, 04:13

Jaap's gravatar image

Jaap ♦
11.7k16101
accept rate: 14%

sorry the post you referred to, doesn't really help me. Maybe my problem description is not sufficient. The syntax of the capture filter (see above) generally works, but only with one of the three network adapters. It is somehow dependend on the hardware I use.

(14 Nov '11, 04:34) rolstein

What Jaap is saying is that capture filter syntax for the same traffic can be different depending on whether the NIC is stripping vlan tags or not.

Have a look at unfiltered captures on all three NICs of the same traffic and see whether some have vlan tagging in the frames and some don't.

(16 Nov '11, 03:31) SYN-bit ♦♦