Ethereal-users: Re: [Ethereal-users] Capturing a range of MAC addresses

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Marco van den Bovenkamp <marco@xxxxxxxxxxxxxxxxxxx>
Date: Wed, 11 Feb 2004 22:25:09 +0100
menxit@xxxxxxxxx wrote:


But I’m looking to capture all packets coming from
NICs which MAC address that start with 01:23:45
I have tried ether src[0:3]=01:23:45 or ether src[0:3] 01:23:45 or ether host 
src[0:3] 01:23:45       but all returns a parse error

I’m using ethereal 0.10.0, tcpdump 3.8, libpcap 0.8

Any ideas as to what I should use or what i'm doing
wrong.
It's 'proto[start:size]', where 'size' can be 1, 2 or 4, with a default of 1. So to do what you want something like 'ether[6:2] = 0x0123 and ether[8] = 0x45' should work. 

--

		Groeten,

			Marco.