Packet Capture GUI interface
-
Hi All
The packet capture interface has drastically changed in the latest versions. Before I was able to input an IP address I wanted to capture and also input NOT IP addresses I wanted to exclude so I could reduce "noise" and get only the data I wanted. Now that ability is gone and I can only select to include or exclude an IP address but not at the same time. Example: Before I could type 192.168.1.100, !192.168.1.200, !8.8.8.8, !123.123.123.123 . This would capture anything to/from 192.168.1.100 that was NOT to/from those IP addresses marked with !. Made for much easier troubleshooting. Now it looks like I would have to capture everything, export it and then perform exclusions in wireshark or some other program like that where before I could do this all in the GUI. Is there any way to get the old GUI functionality back or have that functionality in this new GUI?
Thank You
-
Don't you just love it, when they "improve" things? I'm also trying to figure out the new interface.
-
The previous interface did not allow filtering at all for tagged traffic. But did not show that, it just failed to capture anything! That was the primary driver here.
But, yes, there were likely to be some cases omitted and excluding specific address looks like one. Open a bug report: https://redmine.pfsense.org/
Steve
-
I still prefer to use Wireshark when I can. It allows for complex searches. Even when I use Packet Capture, I download and examine the capture with Wireshark. I also configured a small switch to use as a data tap.
-
-