Then the picture changes and you need to reassess the situation. If you have confirmed you are tracing with the right interface and you have correctly typed your display filter, and you /still/ not seeing any packets, then the only thing to conclude is that those packets were never sent or received on your network interface. Then you should /only/ see packets with a source or destination port 8080. You should see that tcpdump -d 'tcp port 80' and tcpdump -d 'tcp port http' produce the same output.
Once the trace has started, then you should be able to use type your filter (the /display/ filter) into the filter toolbar in the Wireshark interface. And don't forget that you can verify what port is in use for a filter such as 'tcp port http' by telling tcpdump to dump the compiled packet matching code using the -d option. Then select that interface and click the Start button. To do this quickly and simply, I would click Capture > Interfaces and confirm which interface is receiving packets. Or, go to the Wireshark toolbar and select the red Stop button that's located next to the shark fin. Select File > Save As or choose an Export option to record the capture.
tcp port 8080 is /capture/ filter, but tcp.port = 8080 is /display/ filter.įirst thing I would confirm is that I am using the right interface. Select the shark fin on the left side of the Wireshark toolbar, press Ctrl+E, or double-click the network. You have to decide whether to use a /capture/ filter or a /display/ filter - the syntax is different between those two filter types.
0 kommentar(er)
