Thanks a lot, Bill! That was a great, compact lesson!
On Thu, Oct 18, 2012 at 1:50 PM, Bill Fenner wrote:
> On Oct 18, 2012, at 7:00 AM, Ezequiel Garzón wrote:
>
>> Thanks for your reply, Bill.
>>
>>> "ether proto \ip" is:
>>
>> In
m sorry to insist on this open-ended issue. I know there must be
something off with my understanding, and would like to fix it if
possible!
Thanks again.
Best regards,
Ezequiel
On Wed, Oct 17, 2012 at 4:49 PM, Bill Fenner wrote:
> On Wed, Oct 17, 2012 at 3:59 AM, Ezequiel Garzón
> wrot
Greetings! I'm trying to understand tcpdump expressions a bit more,
and I'm confused about a basic example given in the pcap-filter man
pages. They first state:
| The filter expression consists of one or more primitives. Primitives
usually consist of an id (name or number) preceded by one or more
