Wireshark-users: Re: [Wireshark-users] Why is default filter 'not tcp port 3389' ?
Hi,
There's a nice comment block in util.c that explains this:
/* Try to figure out if we're remotely connected, e.g. via ssh or
   Terminal Server, and create a capture filter that matches aspects of the
   connection. We match the following environment variables:

     SSH_CONNECTION (ssh): <remote IP> <remote port> <local IP> <local port>
     SSH_CLIENT (ssh): <remote IP> <remote port> <local port>
     REMOTEHOST (tcsh, others?): <remote name>
     DISPLAY (x11): [remote name]:<display num>
     CLIENTNAME (terminal server): <remote name>
 */
Thanx,
Jaap
On Mon, 28 Aug 2006, Ulf Lamping wrote:
> Gerald Combs wrote:
> > Andrew Schweitzer wrote:
> >
> >> Jee Kay wrote:
> >>
> >>> On 26/08/06, Ben Stover <bxstover@xxxxxxxxxxx> wrote:
> >>>
> >>>
> >>>> After the installation of WireShark the default Capture filter is set to
> >>>> 'not tcp port 3389'
> >>>> Why ?
> >>>>
> >>> Because you're connecting to the machine via RDP.
> >>>
> >> I always wondered that myself. Are you saying you are making a
> >> connection to your own machine over RDP?
> >>
> >
> > The filter is set automatically if the CLIENTNAME environment variable
> > is set. It's supposed to keep you from overrunning your capture with
> > traffic generated by your Terminal Server / Remote Desktop / RDP
> > session. We do something similar for SSH and X11 sessions as well.
> >
> > According to the TechNet article at
> >
> > http://technet2.microsoft.com/WindowsServer/en/library/6caf87bf-3d70-4801-9485-87e9ec3df0171033.mspx?mfr=true
> >
> > CLIENTNAME should only be set for remote sessions. Is this not the case?
> >
> This feature should be explained in the User's Guide.
>
> As I don't know this feature well, could someone write a description of how
> this works (from a user's point of view)? Just in plain text, I'll
> reformat it into DocBook/XML then.
>
> Regards, ULFL
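
The behaviour described in this thread, as an added sketch that is not part of the original message and is not the code from Wireshark's util.c: it derives an exclusion capture filter from SSH_CONNECTION or CLIENTNAME. The function name, the exact filter wording for the SSH case and the token validation are assumptions; only 'not tcp port 3389' and the variable layouts come from the thread.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Accept only characters that can appear in an IPv4/IPv6 literal, so an
 * environment value cannot smuggle extra filter syntax into the expression. */
static int is_addr(const char *s) {
    size_t n = strlen(s);
    return n > 0 && strspn(s, "0123456789abcdefABCDEF.:") == n;
}

/* Accept only a decimal port in 1..65535. */
static int is_port(const char *s) {
    size_t n = strlen(s);
    if (n == 0 || n > 5 || strspn(s, "0123456789") != n) return 0;
    long v = atol(s);
    return v > 0 && v <= 65535;
}

/* Hypothetical helper: takes the values of SSH_CONNECTION and CLIENTNAME
 * (NULL when unset). Returns 1 if a filter was written to out, else 0. */
int build_remote_cfilter(const char *ssh_connection, const char *clientname,
                         char *out, size_t outlen) {
    char rip[64], rport[8], lip[64], lport[8];
    if (!out || outlen == 0) return 0;
    out[0] = '\0';
    /* SSH_CONNECTION: <remote IP> <remote port> <local IP> <local port> */
    if (ssh_connection &&
        sscanf(ssh_connection, "%63s %7s %63s %7s", rip, rport, lip, lport) == 4 &&
        is_addr(rip) && is_port(rport) && is_addr(lip) && is_port(lport)) {
        snprintf(out, outlen,
                 "not (tcp port %s and host %s and tcp port %s and host %s)",
                 rport, rip, lport, lip);
        return 1;
    }
    /* CLIENTNAME set: Terminal Server / RDP session, so exclude port 3389. */
    if (clientname && *clientname) {
        snprintf(out, outlen, "not tcp port 3389");
        return 1;
    }
    return 0;   /* local session, or malformed value: no default filter */
}

int main(void) {
    char f[256];
    if (build_remote_cfilter(getenv("SSH_CONNECTION"), getenv("CLIENTNAME"), f, sizeof f))
        puts(f);
    return 0;
}
```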