wireshark: different result btween CAPTURE and DISPLAY filtr

Networking/Security Forums -> Security Related Software

Author: baseline PostPosted: Fri Mar 05, 2010 6:09 am    Post subject: wireshark: different result btween CAPTURE and DISPLAY filtr
    ----
For same traffic, why do CAPTURE and DISPLAY filter behave differently?
In my test, I try to capture yahoo msgr traffic from/to PC with IP x.x.x.179

With blank CAPTURE filter and DISPLAY filter = ""ip.addr==x.x.x.179" the result is:


But with blank DISPLAY filter and CAPTURE filter = "tcp port 5050" I got nothing at all:


If it matters, my wireshark is getting its packets from remote-capture by a mikrotik box (internet gateway)

Thanks in advance



Networking/Security Forums -> Security Related Software


output generated using printer-friendly topic mod, All times are GMT + 2 Hours

Page 1 of 1

Powered by phpBB 2.0.x © 2001 phpBB Group