Ethereal-users: Re: [Ethereal-users] Sniffing VLAN tagged packets with capture filter

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: "PHIL ENTZ" <pentz@xxxxxxxxxx>
Date: Fri, 30 Apr 2004 14:36:20 -0500
Thanks Martin, for the link to the WinDump manual and a more comprehensive document for capture filter construction. I did not know about the VLAN qualifier. That said, I am still having trouble capturing exactly what I want. For instance:

Say I want to capture all the IP traffic to and from remote network
192.168.1.0. All the traffic TO the network is from a tagged vlan (ie: the
packets will have a vlan tag). All the traffic FROM the network is not
tagged.

If I use capture filter "net 192.168.1.0" it captures all the traffic coming
from 192.168.1.0 (doesn't capture the vlan tagged traffic to the network).

If I use capture filter "vlan 2 and net 192.168.1.0" it captures all the
traffic going to 192.168.1.0 (doesn't capture the non tagged traffic from
the network).

Now, I would think the capture filter "(vlan 2 and net 192.168.1.0) or (net
192.168.1.0)" should capture all the traffic to and from the network but it
doesn't - I still see only the vlan tagged traffic.

What am I missing and how would one construct a capture filter to accomplish my objective?

Thanks again.
Phil