From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Guy Harris Sent: Monday, December 31, 2007 4:28 PM To: Community support list for Wireshark Subject: Re: [Wireshark-users] capture filters
Witton, David wrote: > In an unfiltered capture, I am seeing quite a bit of TCP traffic > (>90%), most of it involving machines other than the one I'm running > Wireshark on. Most, or all? I.e., in an unfiltered capture, are you seeing TCP traffic to and from the machine running Wireshark? Yes, I'm seeing traffic to and from the machine running Wireshark > That doesn't seem to match the case described in the FAQ > below - or am I wrong? That sounds like a different case. What OS are you running on the machine doing the capture? And what type of network adapter are you capturing on? XP pro, vmware virtual machine. VMware Accellerated AMD PCNet Adapter And, if this is on Ethernet, are you using VLANs? If so, is the TCP traffic to and from the host running Wireshark on a VLAN? (I.e., does it have a VLAN header?) Forgive my ignorance, I'm not sure how to check for a VLAN header, but I believe this part of the network isn't VLANed. _______________________________________________ Wireshark-users mailing list Wireshark-users@wireshark.org http://www.wireshark.org/mailman/listinfo/wireshark-users Confidentiality Notice: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please notify the sender by reply e-mail and destroy all copies of the original message. Thank you for your cooperation. _______________________________________________ Wireshark-users mailing list Wireshark-users@wireshark.org http://www.wireshark.org/mailman/listinfo/wireshark-users
