Wireshark mailing list archives

Re: Basic question about Wireshark

From: "Frank Walter" <francwalter () gmx net>
Date: Tue, 26 Jul 2011 07:44:44 +0200

Hm. No, this didn't work.
But when I set 'Capture Filter:' to "No Broadcast and no Multicast" in the "Wireshark: Capture Options" Dialog it works.
No more broadcast packets are shown.
Now I discovered that I have all those packets from other wifi networks in my list.
How can I filter them out?

And still the decryption of the packets of my wifi network doesn't work at all.
http://www.wireshark.org/lists/wireshark-users/201107/msg00071.html

It gives no sense to capture my network without decrypting it.
I think I just give it up, my last hope is the Neowin Developer, Robert Wright, who wrote the article about Wireshark 
on Macbook with decryption. 
I sent him an email.

Thank you anyway.

Kind regards, 

Frank Walter

-----Ursprüngliche Nachricht-----
Von: wireshark-users-bounces () wireshark org [mailto:wireshark-users-bounces () wireshark org]
Im Auftrag von Andreas
Gesendet: Montag, 25. Juli 2011 21:44
An: wireshark-users () wireshark org
Betreff: Re: [Wireshark-users] Basic question about Wireshark

Am 24.07.2011 19:39, schrieb Frank Walter:

OK, this is clear now. Thank you!

Now I used my MacBook laptop to do wireless sniffing in monitor mode with Wireshark

1.6.1.

I see many, many packets with Destination "Broadcast" (ff:ff:ff:ff:ff:ff).
When I try to set a filter that all those Broadcast-packets are omitted, it ends only in

an empty list.

I tried:

eth.dst != ff:ff:ff:ff:ff:ff

but also with eth.dst == ff:ff:ff:ff:ff:ff

the result is empty. I don't know how to call the Destination, the context-menu "Apply

as filter / Selected" gives me the wrong name (eth.dst).


What is it?


Both display filters
   eth.dst != ff:ff:ff:ff:ff:ff
   eth.dst!=ff:ff:ff:ff:ff:ff
work for me (Wireshark 1.6.0). Are you sure you have broadcast and
not-broadcast packets.

Anyway you should use
   !(eth==ff:ff:ff:ff:ff:ff)
to exclude broadcast.


___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe


___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe

Current thread:

Basic question about Wireshark Frank Walter (Jul 24)
- Re: Basic question about Wireshark Boonie (Jul 24)
  - Re: Basic question about Wireshark Frank Walter (Jul 24)
    - Re: Basic question about Wireshark Andreas (Jul 24)
    - Re: Basic question about Wireshark Frank Walter (Jul 24)
    - Re: Basic question about Wireshark Andreas (Jul 25)
    - Re: Basic question about Wireshark Frank Walter (Jul 25)
    - Re: Basic question about Wireshark news.gmane.com (Jul 26)
    - Re: Basic question about Wireshark Frank Walter (Jul 27)
    - Re: Basic question about Wireshark Guy Harris (Jul 27)
    - Re: Basic question about Wireshark news.gmane.com (Jul 28)
    - Re: Basic question about Wireshark Frank Walter (Jul 28)
    - Still unable to decode WPA2 on a MacBook Frank Walter (Jul 24)
    - Re: Still unable to decode WPA2 on a MacBook francwalter (Jul 27)