> Does anyone know how to add a filter rule for a non tcp/udp protocol packet?
Display filter rule, or capture filter rule?
> for example, for not capturing LLS, I have tried:
>
> not lls
> not pro lls
> not protocol lls
>
> Never works. Maybe there isn't a way to do that?
In display filters, the rule "not XXX" will work if and only if Ethereal
has a dissector for the XXX protocol. Otherwise, you will have to
manually construct a rule, if possible, that looks at whatever fields in
whatever other headers determine whether a packet is a packet for
protocol XXX. Ethereal has no dissector for any "LLS" protocol.
In capture filters, the rule "not XXX" will work if and only if libpcap
(the library Ethereal uses to capture packets - it relies on libpcap, it
does *NOT* have its own code for capturing packets) knows about the XXX
protocol. Otherwise, you will have to manually construct a rule, if
possible, that looks at whatever parts of packet headers determine
whether a packet is a packet for protocol XXX. See the tcpdump manual
page for the syntax of capture filters. Libpcap knows nothing of any
"LLS" protocol.
I have never heard of the LLS protocol, so I cannot even come close to
suggesting what display or capture filters would work.