Using the same exact filter syntax, capture filters work in tshark but not wireshark.
Using this command: tshark -i Ethernet -f "host 10.10.10.120 && (ether[48:2]==0x0201 || ether[48:2]==0x0301)" produces a filtered output in tshark: tshark output
the same filter expression in wireshark: wshark filter produces a capture without any filtering: filter didn't work.
Here's an example of a packet that I want to show up. I'm wondering if the top line should have Src: 10.10.10.120, and it's messed up because I'm doing a playback instead of live data?: packet example
I swear my wireshark capture filter used to work. I don't know what happened.
