Wireshark mailing list archives
Problem using VLAN capture filter
From: Andrew Daviel <advax () triumf ca>
Date: Mon, 23 Jun 2014 16:42:24 -0700 (PDT)
We have a machine set up with an interface connected to a mirror port on a network router. On the router, multiple VLANs are mirrored to the same port.
Until recently, we had an ancient machine running RedHat Linux 7.3,with Linux 2.4.20, tcpdump-3.6, libpcap-0.6 and an optical gigabit interface.
We could capture packets with e.g. "tcpdump -i eth1 -w eth1.cap" and then replay them with e.g. "tcpdump -r eth1.cap vlan 901 and host 192.168.3.4". Or we could capture live packets with e.g. "tcpdump -i eth1 vlan 901 and host 192.168.3.4". We replaced this with a newer machine with CentOS 6, Linux 2.6.32, tcpdump-4.0.0, libpcap-1.4, wireshark-1.8.10.On this machine we can capture as before, and then use a VLAN filter during analysis with tcpdump or wireshark.
But if I use a VLAN filter during capture, no packets are matched.Without the VLAN filter, all packets are matched, and I can filter by host address etc. This is the same in tcpdump and wireshark.
How can I get the live capture filter to work ? I want to be able to look at just one VLAN without having to build a complex ip address-based filter.
-- Andrew Daviel, TRIUMF, Canada ___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- Problem using VLAN capture filter Andrew Daviel (Jun 23)