Wireshark mailing list archives
Re: Basic question about Wireshark
From: "Frank Walter" <francwalter () gmx net>
Date: Tue, 26 Jul 2011 07:44:44 +0200
Hm. No, this didn't work. But when I set 'Capture Filter:' to "No Broadcast and no Multicast" in the "Wireshark: Capture Options" Dialog it works. No more broadcast packets are shown. Now I discovered that I have all those packets from other wifi networks in my list. How can I filter them out? And still the decryption of the packets of my wifi network doesn't work at all. http://www.wireshark.org/lists/wireshark-users/201107/msg00071.html It gives no sense to capture my network without decrypting it. I think I just give it up, my last hope is the Neowin Developer, Robert Wright, who wrote the article about Wireshark on Macbook with decryption. I sent him an email. Thank you anyway. Kind regards, Frank Walter
-----Ursprüngliche Nachricht----- Von: wireshark-users-bounces () wireshark org [mailto:wireshark-users-bounces () wireshark org] Im Auftrag von Andreas Gesendet: Montag, 25. Juli 2011 21:44 An: wireshark-users () wireshark org Betreff: Re: [Wireshark-users] Basic question about Wireshark Am 24.07.2011 19:39, schrieb Frank Walter:OK, this is clear now. Thank you! Now I used my MacBook laptop to do wireless sniffing in monitor mode with Wireshark1.6.1.I see many, many packets with Destination "Broadcast" (ff:ff:ff:ff:ff:ff). When I try to set a filter that all those Broadcast-packets are omitted, it ends only inan empty list.I tried: eth.dst != ff:ff:ff:ff:ff:ff but also with eth.dst == ff:ff:ff:ff:ff:ff the result is empty. I don't know how to call the Destination, the context-menu "Applyas filter / Selected" gives me the wrong name (eth.dst).What is it?Both display filters eth.dst != ff:ff:ff:ff:ff:ff eth.dst!=ff:ff:ff:ff:ff:ff work for me (Wireshark 1.6.0). Are you sure you have broadcast and not-broadcast packets. Anyway you should use !(eth==ff:ff:ff:ff:ff:ff) to exclude broadcast. ___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- Basic question about Wireshark Frank Walter (Jul 24)
- Re: Basic question about Wireshark Boonie (Jul 24)
- Re: Basic question about Wireshark Frank Walter (Jul 24)
- Re: Basic question about Wireshark Andreas (Jul 24)
- Re: Basic question about Wireshark Frank Walter (Jul 24)
- Re: Basic question about Wireshark Andreas (Jul 25)
- Re: Basic question about Wireshark Frank Walter (Jul 25)
- Re: Basic question about Wireshark news.gmane.com (Jul 26)
- Re: Basic question about Wireshark Frank Walter (Jul 27)
- Re: Basic question about Wireshark Guy Harris (Jul 27)
- Re: Basic question about Wireshark news.gmane.com (Jul 28)
- Re: Basic question about Wireshark Frank Walter (Jul 28)
- Re: Basic question about Wireshark Frank Walter (Jul 24)
- Re: Basic question about Wireshark Boonie (Jul 24)
- Still unable to decode WPA2 on a MacBook Frank Walter (Jul 24)
- Re: Still unable to decode WPA2 on a MacBook francwalter (Jul 27)