Hi all No packets are captured when i try to find out http traffic (tcp port 80). Althuogh I can find them when I capture all packets (e.g. without any capture filter), applying display filter. I ran Wireshark as administrator but the problem remained. Windows 7 Wireshark 1.6.5 Thanks in advance asked 18 Feb '12, 01:36 clipsya edited 18 Feb '12, 01:38 |
One Answer:
If you do see HTTP packets when you don't use a capture filter and you don't see HTTP when you do use a capture filter, then the capture filter filters the HTTP packets out. This usually happens when traffic is being encapsulated. Depending on the encapsulation type, you need to extend the capture filter:
If these do not work for you, please update this question with the full (text) output of 1 HTTP packet to check what encapsulation you are encountering. answered 18 Feb '12, 06:15 SYN-bit ♦♦ edited 18 Feb '12, 06:22 Great thanks! PPPoE is my case! I didn' t even think about encapsulation.. Thanks a lot again! (18 Feb '12, 06:27) clipsya |
The capture filter "tcp port 80" or "tcp port http" works fine for me. Do you see any traffic with the above filters?
thanks but both filters "tcp port 80" and "tcp port http" don't capture anything
And if you remove the capture filter you see tcp traffic on port 80? And you aren't making any other changes? Very odd.
yes, as I mentioned above if I don't apply any capture filter all of the packets are captured successfuly and I can find http packets among all of it using display filter. But it is not convenient way for me :(