How to block own rpcap traffic where tshark is running?

Posted by Pankaj Goyal on Server Fault See other posts from Server Fault or by Pankaj Goyal
Published on 2013-11-07T19:08:21Z Indexed on 2013/11/07 21:59 UTC
Read the original article Hit count: 408

Filed under:

wireshark

|

tshark

Platform :- Fedora 13 32-bit machine

RemoteMachine$ ./rpcapd -n

ClientMachine$ tshark -w "filename" -i "any interface name"

As soon as capture starts without any capture filter, thousands of packets get captured. Rpcapd binds to 2002 port by default and while establishing the connection it sends a randomly chosen port number to the client for further communication. Both client and server machines exchange tcp packets through randomly chosen ports. So, I cannot even specify the capture filter to block this rpcap related tcp traffic.

Wireshark & tshark for Windows have an option "Do not capture own Rpcap Traffic" in Remote Settings in Edit Interface Dialog box. But there is no such option in tshark for linux.

It will be also better if anyone can tell me how wireshark blocks rpcap traffic....

© Server Fault or respective owner

Related posts about wireshark

wireshark http POST

as seen on Server Fault - Search for 'Server Fault'
Hi I would like to have a http POST request method CAPTURE filter I know it is easy to do it by display filter http.request.method==POST but I need tcpdump compatible I wrote tcp dst port 80 and (tcp[13] = 0x18) But it is not perfect... tcp dst port 80 and (tcp[((tcp[12:1] & 0xf0) 2):4] =… >>> More
How to filter http traffic in Wireshark?

as seen on Server Fault - Search for 'Server Fault'
I suspect my server has a huge load of http requests from its clients. I want to measure the volume of http traffic. How can I do it with Wireshark? Or probably there is an alternative solution using another tool? This is how a single http request/response traffic looks in Wireshark. The ping is… >>> More
Multi language support in wireshark

as seen on Super User - Search for 'Super User'
Do we have multiple language support with Wireshark. We are using Windows Xp SP2 and Ubuntu Linux environment. Actually we have a plugin which is UDP based and we have a requirement to Analyse the Information in Packet List Pane and Packet Details Pane to be viewed in other languages like French… >>> More
Wireshark is not capturing traffic through http://localhost:8888

as seen on Super User - Search for 'Super User'
Currently, my wireshark can capture traffic from http://localhost (traffic that is on port 80) but it won't capture traffic on localhost:8888 Is there any extra configuration/software that I need for wireshark to capture traffic of localhost on this port? I'm running Ubuntu 9.10 >>> More
Saving Wireshark capture settings for future use

as seen on Server Fault - Search for 'Server Fault'
Is there any way to save Wireshark capture options? So it can be reuse after restart Wireshark. Also, if the saved file is in plain text, it's possible to use scripts generating bunch of capture settings, such with different filter setting. Does anyone know? Thanks. >>> More

Related posts about tshark

Count all received packet using Tshark

as seen on Server Fault - Search for 'Server Fault'
i am build application who start capturing via Tshark with command line and i am looking for option to count all the received packets after i am start Tshark process this is my function who start the process: int _interfaceNumber; string _pcapPath; Process tshark = new Process(); tshark… >>> More
"tshark: There are no interfaces on which a capture can be done" in Amazon Linux AMI

as seen on Server Fault - Search for 'Server Fault'
My goal is to capture packets with tshark in Amazon Linux AMI. While typing tshark in the command line there's an error: "tshark: There are no interfaces on which a capture can be done" How to implement the solution from Wireshark setup Linux for nonroot user $ sudo apt-get install wireshark $… >>> More
Capturing same interface with tshark with same or different capture filters

as seen on Server Fault - Search for 'Server Fault'
I am in stuck in a situation where an interface will be captured more than one time. Like :- $ tshark -i rpcap://1.1.1.1/lo -f "ip proto 1" -i rpcap://1.1.1.1/lo -f "ip proto 132" or (same filter) $ tshark -i rpcap://1.1.1.1/lo -f "ip proto 1" -i rpcap://1.1.1.1/lo -f "ip proto 1" what will happen… >>> More
How to block own rpcap traffic where tshark is running?

as seen on Server Fault - Search for 'Server Fault'
Platform :- Fedora 13 32-bit machine RemoteMachine$ ./rpcapd -n ClientMachine$ tshark -w "filename" -i "any interface name" As soon as capture starts without any capture filter, thousands of packets get captured. Rpcapd binds to 2002 port by default and while establishing the connection it sends… >>> More
Using tshark to generate traffic logs every X seconds

as seen on Server Fault - Search for 'Server Fault'
I'm trying to use tshark to maintain a running history of all the packets that are going through an interface, for say 30 seconds. I want it to be human readable. This is a linux machine, and without mucking too much into the netstack source (which I can do if push comes to shove), I was wondering… >>> More