version 1.6.4, Windows 7, 64 bit, connected to a router then a cable modem. Start WireShark then select Capture -> Captures Filters ... Enter Filter name: "aaa" Filter String: "src port 188.8.131.52" then Select New and restart the capture. The captured packets include data other than those with a source other than specified. How do I get the capture to work? Thanks for your time
asked 22 Nov '11, 15:52
When you select "Capture -> Capture Filters" you will get a window in which you can define, alter and delete capture filters for future use. You can't actually activate a capture filter from there.
One of the reasons is that some capture filters might work on some physical interfaces while they might not work on others. That's why you need to activate a capture filter with the capture options when you start your capture session.
Go to "Capture -> Options" and use the "Capture Filter" button to select your pre-defined capture filter. Or just type the filter you need in the dialog box.
If you're using version 1.7.0 (or higher), you will need to doubleclick on the interface you are going to capture from first, as you can capture on multiple interfaces at once beginning with version 1.7.0 and you can set the capture filter differently for each interface.
answered 23 Nov '11, 00:17
Do you mean "src host ..." ?
Just creating a named Capture Filter in the Capture Filters window directly doesn't actually set the capture filter to be used on an interface.
answered 22 Nov '11, 17:50
Bill Meier ♦♦
edited 22 Nov '11, 17:53
I think the "Filtering while capturing" section of the user guide, along with the information hyperlinked from that page, should provide all the help you need, not just for this particular filtering operation, but for any other capture filter you (and others) might need in the future.
answered 22 Nov '11, 18:04