Ethereal-users: RE: [Ethereal-users] Filters and airodump captures

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: "Charsley, Troy (Sudbury)" <tcharsle@xxxxxxxx>
Date: Fri, 15 Jul 2005 10:16:07 -0400
Here is an example of a filter I am using:
eth.src == 00:12:7f:ce:8d:70

And an example of an expected packet it would return...


0000  80 00 00 00 ff ff ff ff  ff ff 00 12 7f ce 8d 70   ........ .......p
0010  00 12 7f ce 8d 70 00 42  92 51 b9 2d 28 00 00 00   .....p.B .Q.-(...
0020  64 00 11 04 00 0e 44 44  52 42 54 65 63 68 42 72   d.....DD RBTechBr
0030  69 64 67 65 01 08 82 84  8b 0c 12 96 18 24 03 01   idge.... .....$..
0040  01 05 04 01 02 00 00 2a  01 04 32 04 30 48 60 6c   .......* ..2.0H`l
0050  85 1e 00 00 4d 00 0f 00  ff 03 18 00 4d 69 6e 65   ....M... ....Mine
0060  73 54 65 63 68 57 4c 41  4e 00 00 00 01 00 00 25   sTechWLA N......%
0070  dd 06 00 40 96 01 01 00  dd 05 00 40 96 03 03 dd   ...@.... ...@....
0080  16 00 40 96 04 00 03 07  a4 00 00 23 a4 00 00 42   ..@..... ...#...B
0090  43 00 00 62 32 00 00 dd  18 00 50 f2 02 01 01 03   C..b2... ..P.....
00a0  00 03 a4 00 00 27 a4 00  00 42 43 5e 00 62 32 2f   .....'.. .BC^.b2/
00b0  00  

This is a beacon packet.  After applying the filter no packets are displayed
(I should be seeing a beacon every 100ms).

If I try to filter out the same packet with:
!(eth.src == 00:12:7f:ce:8d:70)

The beacon packets remain displayed.  No packets are removed.  The same
happens with other types of packets.

Something is strange...


Regards,

Troy Charsley


-----Original Message-----
From: ethereal-users-bounces@xxxxxxxxxxxx
[mailto:ethereal-users-bounces@xxxxxxxxxxxx]On Behalf Of Guy Harris
Sent: Thursday, July 14, 2005 12:34 PM
To: Ethereal user support
Subject: Re: [Ethereal-users] Filters and airodump captures


tcharsle@xxxxxxxx wrote:
> Does anyone have problems with Filters not working right with 'airodump' 
> capture files?
> 
> Any == filter ends up returning no packets, any ! filter doesn't remove 
> unwanted packets.

The Ethereal filter code - and, in fact, the vast majority of the code 
in Ethereal - doesn't know what type of capture file is being used, so 
this is unlikely to have anything to do with the fact that it's a 
particular type of capture file.

Do you have an example of an == filter that returns no packets and of a 
packet it should have matched, or of a ! filter that doesn't remove 
unwanted packets and of one of the packets it should have removed, so we 
can see what the problem might be?

_______________________________________________
Ethereal-users mailing list
Ethereal-users@xxxxxxxxxxxx
http://www.ethereal.com/mailman/listinfo/ethereal-users