Re: capturing packets on two interfaces: eth0 and lo

[esolve esolve <esolvepolito () gmail com>]

I'm wondering whether running two instances will lead to capturing
problems, like packet losses, out of order, or even packet dilivery
problems, as in my case, these packets will sequentially pass eth0 and lo

2012/10/31 Guy Harris <guy () alum mit edu>

> On Oct 31, 2012, at 7:18 AM, esolve esolve <esolvepolito () gmail com> wrote:
>
> > I'm capturing packets related to a  program which uses a local socks
> proxy, the packets on eth0 are encrypted while the packets on lo are
> corresponding decrypted content.
> > I'm wondering whether it is possible to simultaneously capturing packets
> on two interfaces: eth0 and lo, and output the packets into two different
> files?
>
> Yes, by running two instances of tcpdump, dumpcap, TShark, or Wireshark.
>
> It's also possible to simultaneously capture on two interfaces and output
> the packets into *one* file with a single instance of dumpcap, TShark, or
> Wireshark, but not tcpdump (which can't write pcap-ng files).
>
> It's not possible to simultaneously capture on two interfaces and output
> the packets into separate files with one instance of any of the programs
> listed above.
>
> ___________________________________________________________________________
> Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
> Archives:    http://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>              mailto:wireshark-users-request () wireshark org
> ?subject=unsubscribe
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe