tcpdump mailing list archives
VLAN BPF filter
From: "Ambika Tripathy" <Ambika.Tripathy () exfo com>
Date: Mon, 22 Aug 2011 15:25:54 +0300
Hi, I want to filter packets having VLAN id 7 or VLAN ID 10. Those are not Q-n-Q VLAN ID. So what should be perfect BPF syntax for it. When I tried using below syntax, it results only those packets having VALN ID as 7 and src host 10.21.22.2. ""( ( vlan 7 and src host 10.21.22.2 ) or ( vlan 10 and dst host 10.21.22.3) )"" Using tcpdump when I check the BPF code it comes as below. tcpdump -d -n -r ./test/sctp.cap "( ( vlan 7 and src host 10.21.22.2 ) or ( vlan 10 and dst host 10.21.22.3) )" reading from file ./test/sctp.cap, link-type EN10MB (Ethernet) (000) ldh [12] (001) jeq #0x8100 jt 2 jf 13 (002) ldh [14] (003) and #0xfff (004) jeq #0x7 jt 5 jf 13 (005) ldh [16] (006) jeq #0x800 jt 7 jf 9 (007) ld [30] (008) jeq #0xa151602 jt 26 jf 27 (009) jeq #0x806 jt 11 jf 10 (010) jeq #0x8035 jt 11 jf 13 (011) ld [32] (012) jeq #0xa151602 jt 26 jf 27 (013) ldh [16]--------------------------------------à Seems it takes second option as a inner VLAN filter. (014) jeq #0x8100 jt 15 jf 27 (015) ldh [18] (016) and #0xfff (017) jeq #0xa jt 18 jf 27 (018) ldh [20] (019) jeq #0x800 jt 20 jf 22 (020) ld [38] (021) jeq #0xa151603 jt 26 jf 27 (022) jeq #0x806 jt 24 jf 23 (023) jeq #0x8035 jt 24 jf 27 (024) ld [46] (025) jeq #0xa151603 jt 26 jf 27 (026) ret #65535 (027) ret #0 Please correct me. Br, Ambika Prasad Tripathy - This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
Current thread:
- compile error of tcpdump levin (Aug 19)
- VLAN BPF filter Ambika Tripathy (Aug 22)
- Re: VLAN BPF filter sthaug (Aug 22)
- Re: VLAN BPF filter Ambika Tripathy (Aug 22)
- Re: VLAN BPF filter sthaug (Aug 22)
- VLAN BPF filter Ambika Tripathy (Aug 22)