Re: does "port 25" work?

["U. George" <netbeans () gatworks com>]

> The filter "port domain" on an Ethernet interface (on my box) generates
> a BPF filter that looks for Ethertype 0x86dd for IPv6 OR 0x0800 for
> IPv4. It doesn't look for PPPoE, VLANs, GRE or anything else, because
> you didn't specify that in your filter.
Actually I didnt specify 0x86dd or 0x0800 either. I did specify device 
eth1 AND i did specify port domain. I dont care for ethertype filtering 
as it is not germane.
If PPPoE has port settings, then PPPoE packets should be filtered also. 
If VLANS, or GRE, or anything else has port designations, then that 
should be included in the filtering.

From a users point of view, if tcpdump can print the packet with out 
any ethertype options, then one should also be able to compare/match 
pieces  of the data stream without the use of or knowledge of ethertype 
specifics. The only item of significance ( for me ) is "port domain" 
from the specific interface. From my point of view, ethertype is wild, 
ip is wild, protocol is wild, and everything else is wild - with the 
exception of the port designation.
Its just intuitive.
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.