Wireshark · Ethereal-users: RE: [Ethereal-users] Capture Filter in Ethereal

Ethereal-users: RE: [Ethereal-users] Capture Filter in Ethereal

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "McNutt, Justin M." <McNuttJ@xxxxxxxxxxxx>

Date: Thu, 4 Oct 2001 08:03:35 -0500

More generically, I haven't figured out - based on the tcpdump man page - whether or not it's possible to select bytes based on their frame offset (which would solve the problem below by selected bytes 7-9, which is the source OUI). Help?

--J

-----Original Message-----
From: Kerwin Teong [mailto:eng80276@xxxxxxxxxx]
Sent: Tuesday, October 02, 2001 10:06 AM
To: ethereal-users@xxxxxxxxxxxx
Cc: Eng Soo Guan
Subject: [Ethereal-users] Capture Filter in Ethereal
Importance: High

Dear All,

I was trying to capture packets from wireless users in the network. As a result, I resorted to trying to filter the packets by comparing the 1st three bytes of the the MAC address with the IEEE OUI (e.g. Lucent Technologies' OUI is 00:60:1D) and hope to capture packets coming from hosts with Lucent Wireless LAN cards.

However, I have problems defining this filter _expression_ in the CAPTURE filter. I have looked in the tcpdump manual but was able to decipher this. Anyone who knows how to solve this can care to enlighten me?

Thanks in advance,

Kerwin.

Follow-Ups:
- Re: [Ethereal-users] Capture Filter in Ethereal
  - From: Guy Harris

Prev by Date: RE: [Ethereal-users] loading MIBS
Next by Date: [Ethereal-users] Need Help Understanding Data Window
Previous by thread: [Ethereal-users] Capture Filter in Ethereal
Next by thread: Re: [Ethereal-users] Capture Filter in Ethereal
Index(es):
- Date
- Thread