tcpdump mailing list archives

Any way to filter ether address when type is LINUX_SLL?

From: Edouard Gaulué via tcpdump-workers <tcpdump-workers () lists tcpdump org>
Date: Tue, 29 Dec 2020 15:13:43 +0100

--- Begin Message --- From: Edouard Gaulué <listes () e-gaulue com>
Date: Tue, 29 Dec 2020 15:13:43 +0100
Hi all,
I get a pcap flow from my router box (Peplink). The only thing I canchange is the dev "interface" from a web page. If one is chosen, I'vegot a EN10MB type and I can filter my incoming flow with "tcpdump -r --w - ether host 01:23:45:67:89:01". If I choose "All", I suppose "-iany" is added and then I get a LINUX_SLL type on which my command leadsto "tcpdump: ethernet addresses supported only on ethernet/FDDI/tokenring/802.11/ATM LANE/Fibre Channel".
Is there any way to filter the LINUX_SLL flow to keep only traffic fromspecific MAC address from tcpdump ? I mean before wireshark.
Regards, Édouard
--- End Message ---

_______________________________________________
tcpdump-workers mailing list
tcpdump-workers () lists tcpdump org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers

Current thread:

Any way to filter ether address when type is LINUX_SLL? Edouard Gaulué via tcpdump-workers (Dec 29)