tcpdump mailing list archives
Any way to filter ether address when type is LINUX_SLL?
From: Edouard Gaulué via tcpdump-workers <tcpdump-workers () lists tcpdump org>
Date: Tue, 29 Dec 2020 15:13:43 +0100
--- Begin Message --- From: Edouard Gaulué <listes () e-gaulue com>
Date: Tue, 29 Dec 2020 15:13:43 +0100
Hi all,I get a pcap flow from my router box (Peplink). The only thing I can change is the dev "interface" from a web page. If one is chosen, I've got a EN10MB type and I can filter my incoming flow with "tcpdump -r - -w - ether host 01:23:45:67:89:01". If I choose "All", I suppose "-i any" is added and then I get a LINUX_SLL type on which my command leads to "tcpdump: ethernet addresses supported only on ethernet/FDDI/token ring/802.11/ATM LANE/Fibre Channel".Is there any way to filter the LINUX_SLL flow to keep only traffic from specific MAC address from tcpdump ? I mean before wireshark.Regards, Édouard
--- End Message ---
_______________________________________________ tcpdump-workers mailing list tcpdump-workers () lists tcpdump org https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
Current thread:
- Any way to filter ether address when type is LINUX_SLL? Edouard Gaulué via tcpdump-workers (Dec 29)