Wireshark · Wireshark-users: Re: [Wireshark-users] need help with stp capture filter

Wireshark-users: Re: [Wireshark-users] need help with stp capture filter

From: Sake Blok <sake@xxxxxxxxxx>

Date: Tue, 3 Aug 2010 17:17:46 +0200

On 3 aug 2010, at 16:55, Joe Dewberry wrote:

> I'm working on a project where I need a capture filter to see only the BPDUs that have the tcn bit set == 1.

On my non-vlan tagged network STP starts at offset 17 in the ethernet frame (14 bytes ethernet, 3 bytes LLC). Looking at the STP frame, the flags are at offset 4. The TC flag is the lowest bit. That would result in a filter like:

ether[21] & 1 = 1

Hope this helps,
Cheers,


Sake

References:
- [Wireshark-users] need help with stp capture filter
  - From: Joe Dewberry

Prev by Date: Re: [Wireshark-users] 802.11 Decryption works under Mac, doesnt work under Vista
Next by Date: [Wireshark-users] Wireshark with Vista
Previous by thread: [Wireshark-users] need help with stp capture filter
Next by thread: [Wireshark-users] Wireshark with Vista
Index(es):
- Date
- Thread