Whether it is possible to fix this problem in the stable version?
FILTER[ not vlan ] --> FILTER[ vlan ] == not empty (Why?)
FILTER[ ip ] --> FILTER[ vlan ] == not empty (Why?)
FILTER[ ether[12:2]=0x800 ] --> FILTER[ vlan ] == not empty (Why?)
tcpdump -p -i eth0 not vlan -w - | tcpdump -r - vlan -c1 -e -n
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535
bytes
reading from file -, link-type EN10MB (Ethernet)
02:25:54.450269 00:1b:21:**:**:** > 00:10:db:**:**:**, ethertype 802.1Q
(0x8100), length 2578: vlan 3045, p 0, ethertype IPv4,
89.***.***.***.3128 > 192.168.**.4.6865: Flags [.], seq
2518769629:2518772149,
ack 2848198240, win 63000, length 2520
tcpdump -p -i eth0 ip -w - | tcpdump -r - vlan -c1 -e -n
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535
bytes
reading from file -, link-type EN10MB (Ethernet)
02:28:27.636194 00:1b:21:**:**:** > 00:18:7d:**:**:**, ethertype 802.1Q
(0x8100), length 58: vlan 14, p 0, ethertype IPv4,
217.**.**.***.16800 > 89.**.***.***.443: Flags [.],
ack 2611390156, win 65535, length 0
tcpdump -p -i eth0 "ether[12:2]=0x800" -w - | tcpdump -r - vlan -c1 -e -n
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535
bytes
reading from file -, link-type EN10MB (Ethernet)
02:31:52.851021 00:1b:21:**:**:** > 00:00:5e:**:**:**, ethertype 802.1Q
(0x8100), length 220: vlan 10, p 0, ethertype IPv4,
89.***.***.**.20020 > 79.***.**.***.52853: Flags [P.], seq
3133361465:3133361615,
ack 2748060301, win 29, options [nop,nop,TS val 38458332 ecr
4269985946], length 150
Thanks.
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
