Dan Joumaa wrote:
Hello,
I am trying to capture all ethernet packets with the source host's first
3 octets being 00, 09, and bf. It was suggested that I used this filter:
"ether[0] == 0x00 && ether[1] == 0x09 && ether[2] == 0xbf." When packets
are sent that should match, nothing comes through. When I remove the
filter, I'm able to receive the packets, along with every other packet.
What's wrong with my filter?
perhaps the filter is alright and the data is wrong ;-) -> i.e.
an idea that come sinto mind is that
the packets come in using 802.1Q (VLAN) encaps ...
can you provide some more information about your capturing interface ?
/hannes
-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.
