Wireshark · Wireshark-bugs: [Wireshark-bugs] [Bug 13048] New: sshdump does not allow empty capture filter

Wireshark-bugs: [Wireshark-bugs] [Bug 13048] New: sshdump does not allow empty capture filter

Date: Tue, 25 Oct 2016 17:12:28 +0000

Bug ID	13048
Summary	sshdump does not allow empty capture filter
Product	Wireshark
Version	2.3.x (Experimental)
Hardware	All
OS	macOS 10.12
Status	UNCONFIRMED
Severity	Normal
Priority	Low
Component	Extras
Assignee	bugzilla-admin@wireshark.org
Reporter	stig@bjorlykke.org

Build Information:
Wireshark 2.3.0 (v2.3.0rc0-1220-gae88dbc from master)

Copyright 1998-2016 Gerald Combs <gerald@wireshark.org> and contributors.
License GPLv2+: GNU GPL version 2 or later
<http://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with Qt 5.7.0, with libpcap, without POSIX capabilities, with
GLib 2.50.1, with zlib 1.2.8, with SMI 0.5.0, with c-ares 1.10.0, with Lua
5.2.3, with GnuTLS 3.4.16, with Gcrypt 1.7.3, with MIT Kerberos, with GeoIP,
with nghttp2 1.15.0, with LZ4, with Snappy, with QtMultimedia, without AirPcap.

Running on Mac OS X 10.12.1, build 16B2555 (Darwin 16.1.0), with Intel(R)
Core(TM) i7-5557U CPU @ 3.10GHz (with SSE4.2), with 16384 MB of physical
memory,
with locale en_US.UTF-8, with libpcap version 1.8.0, with GnuTLS 3.4.16, with
Gcrypt 1.7.3, with zlib 1.2.8.

Built using clang 4.2.1 Compatible Apple LLVM 8.0.0 (clang-800.0.38).

--
It's not possible to use the sshdump extcap with a empty capture filter.  This
because sshdump always will add a default_filter if the configured filter is
empty.

Because of this it's not possible to capture from remote interfaces which does
not have support for filtering, like bluetooth and usb interfaces.


pi@raspberrypi:~ $ tcpdump -D
5.bluetooth0 (Bluetooth adapter number 0)

pi@raspberrypi:~ $ tcpdump -U -i5 -w - "not port 22"
tcpdump: Bluetooth link-layer type filtering not implemented


It should be possible to use extcap without a capture filter.


Note: It *is* possible as a work around to use a single space as capture filter
to start a capture, but this is not saved/restored so it's not possible to
start a new capture or restart a capture with this work around without adding
the space in the options dialog each time.

You are receiving this mail because:

You are watching all bug changes.

Follow-Ups:
- [Wireshark-bugs] [Bug 13048] sshdump does not allow empty capture filter
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 13048] sshdump does not allow empty capture filter
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 13048] sshdump does not allow empty capture filter
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 13048] sshdump does not allow empty capture filter
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 13048] sshdump does not allow empty capture filter
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 13048] sshdump does not allow empty capture filter
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 13048] sshdump does not allow empty capture filter
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 13048] sshdump does not allow empty capture filter
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 13048] sshdump does not allow empty capture filter
  - From: bugzilla-daemon

Prev by Date: [Wireshark-bugs] [Bug 13047] New: Feature Request: Add keyboard Shortcut and or GUI button for Follow Stream
Next by Date: [Wireshark-bugs] [Bug 13048] sshdump does not allow empty capture filter
Previous by thread: [Wireshark-bugs] [Bug 13047] New: Feature Request: Add keyboard Shortcut and or GUI button for Follow Stream
Next by thread: [Wireshark-bugs] [Bug 13048] sshdump does not allow empty capture filter
Index(es):
- Date
- Thread