hi folks,
my 1st day using ethereal - very cool
w/o filters, I get ARP traffic from my dsl router, Id like to filter them,
the ARP packets of dis-interest show as:
Frame 1 (60 on wire, 60 captured)
Arrival Time: Feb 23, 2002 15:40:10.856992000
Time delta from previous packet: 0.000000000 seconds
Time relative to first packet: 0.000000000 seconds
Frame Number: 1
Packet Length: 60 bytes
Capture Length: 60 bytes
Ethernet II
Destination: ff:ff:ff:ff:ff:ff (ff:ff:ff:ff:ff:ff)
Source: 00:04:9a:87:7b:7f (cisco)
Type: ARP (0x0806)
Trailer: 00000000000000000000000000000000...
Address Resolution Protocol (request)
Hardware type: Ethernet (0x0001)
Protocol type: IP (0x0800)
Hardware size: 6
Protocol size: 4
Opcode: request (0x0001)
Sender hardware address: 00:04:9a:87:7b:7f
Sender protocol address: 10.0.0.1
Target hardware address: 00:00:00:00:00:00
Target protocol address: 10.0.0.243
from above, I infer that ARP is an Ethernet II protocol.
'not ether proto arp' -> unable to parse filter string (parse error)
'not ether proto ARP' -> " " " " "
(unknown ether proto ARP)
'not ip proto ARP' -> " (unknown ip proto ARP)
'not ip proto GRE' -> works.
'not ip proto 0x0806' -> works
so I conclude :
filtering IP protocols by name works (ex. GRE), but not for Ethernet
protocols.
or am I missing something ?
tia.
jimc