See https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2234
--------------------------------------------------
From: "Mark Ryden" <markryde@xxxxxxxxx>
Sent: Monday, February 02, 2009 11:07 PM
To: <wireshark-users@xxxxxxxxxxxxx>
Subject: [Wireshark-users] Using filter in sniffing a wireless LAN
Hello,
I have wireshark-1.0.3-1.fc10.
After putting a wireless nic into monitor mode, I try to sniff with a
filter for 1 minute thus:
"tshark -R "wlan.fc.type_subtype eq 4" -i wlan0 -w out.eth"
The filter "wlan.fc.type_subtype eq 4" means capturing only probe
request packets.
I am getting on the command line this output:
Capturing on wlan0
3
which means that it captured 3 packets. Indeed only 3 probe request
packets while the sniffer
was running. However, when I open with wireshark the sniff file that
was created by this sniff (out.eth) I see indeed this 3 packets but I
see many more packets - Beacons and Data.
In fact, I see 220 packets.
Why is it so ? Is it a BUG ? Or is something missing in my filter?
Rgs,
Mark
___________________________________________________________________________
Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives: http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
