How to block own rpcap traffic where tshark is running?

Posted by Pankaj Goyal on Server Fault
Published on 2013-11-07T19:08:21Z

Platform: Fedora 13 32-bit machine

RemoteMachine$ ./rpcapd -n

ClientMachine$ tshark -w "filename" -i "any interface name"

As soon as the capture starts without any capture filter, thousands of packets get captured. Rpcapd binds to port 2002 by default, and while establishing the connection it sends a randomly chosen port number to the client for further communication. Both client and server machines exchange TCP packets through randomly chosen ports. So I cannot even specify a capture filter to block this rpcap-related TCP traffic.

Wireshark and tshark for Windows have an option "Do not capture own Rpcap Traffic" in Remote Settings in the Edit Interface dialog box. But there is no such option in tshark for Linux.

It would also be better if anyone could tell me how Wireshark blocks rpcap traffic.
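
Added example, not part of the original post and not Wireshark's own code: one way to build a capture filter that leaves out the capture session's own connections. The function name, its parameters and the sample addresses are assumptions made for illustration. When the data port is not yet known (the situation described in the question), it falls back to excluding all TCP between the two hosts.

```python
import ipaddress

RPCAP_CONTROL_PORT = 2002  # rpcapd default control port, as stated in the post


def _addr(value):
    """Return a normalised IP literal; raises ValueError on anything else,
    so no filter syntax can be smuggled in through an address argument."""
    return str(ipaddress.ip_address(value))


def _port(value):
    port = int(value)
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range: {value!r}")
    return port


def rpcap_exclude_filter(client, server, control_port=RPCAP_CONTROL_PORT,
                         data_port=None, user_filter=None):
    """Build a BPF expression that drops the capture session's own traffic.

    data_port=None models the case in the post: the data port is chosen when
    the capture starts, so it is unknown when the filter is written. All TCP
    between the two hosts is then excluded, which is coarser but also hides
    any other TCP conversation between the same pair of machines.
    """
    pair = f"host {_addr(client)} and host {_addr(server)}"
    if data_port is None:
        clauses = [f"not ({pair} and tcp)"]
    else:
        clauses = [
            f"not ({pair} and tcp port {_port(control_port)})",
            f"not ({pair} and tcp port {_port(data_port)})",
        ]
    if user_filter:
        # Parenthesise so an "or" in the user's filter cannot bypass the exclusion.
        clauses.insert(0, f"({user_filter})")
    return " and ".join(clauses)


if __name__ == "__main__":
    # Constructed sample addresses from the documentation range 192.0.2.0/24.
    print(rpcap_exclude_filter("192.0.2.10", "192.0.2.20"))
    print(rpcap_exclude_filter("192.0.2.10", "192.0.2.20", data_port=49152,
                               user_filter="udp or icmp"))
```

The resulting string can be given to tshark as a capture filter with its `-f` option.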
