Mailinglist Archive: opensuse (2806 mails)

[James Knott <james.knott@xxxxxxxxxx>]

Ben Kevan wrote:
> On Friday 18 July 2008 11:22:07 am James Knott wrote:
>   
> > I often use Wireshark and it appears that with the version included with
> > 11.0, the filters no longer work properly.  For example, I currently
> > have my notebook computer plugged into a "mirror" port on a switch,
> > which will allow me to monitor traffic to and from another switch port.
> >   If I don't use filters, I can see all the traffic for that other port.
> >   However, if I use a capture filer, as simple as "ip", which should
> > only display IP traffic, I only see traffic to or from my computer,
> > including broadcasts & multicast.  I do not see any unicast traffic for
> > the monitored system.
> >
> > Any ideas?
> >
> > tnx jk
> >
> >
> > --
> > Use OpenOffice.org <http://www.openoffice.org>
> >     
>
> What mode are you in on wireshark? Anything other than Promiscuous? 
>   

Further on this.  I've tried 3 different versions of Wireshark, 
including the one from 10.3, which had previously worked fine.  All 
behave the same way, so perhaps this is a kernel problem.  As soon as I 
enable any capture filter, I can only see traffic to/from the computer 
I'm running Wireshark on.  If I don't use any filter, I see all the 
traffic.  Not being able to use capture filters with Wireshark greatly 
reduces it's usefulness.  This is something that worked well in 10.3 and 
earlier versions.



--
Use OpenOffice.org <http://www.openoffice.org>

--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx