But I’m looking to capture all packets coming from NICs which MAC address that start with 01:23:45
I have tried ether src[0:3]=01:23:45 or ether src[0:3] 01:23:45 or ether host
src[0:3] 01:23:45 but all returns a parse error
I’m using ethereal 0.10.0, tcpdump 3.8, libpcap 0.8
Any ideas as to what I should use or what i'm doing wrong.
It's 'proto[start:size]', where 'size' can be 1, 2 or 4, with a default of 1. So to do what you want something like 'ether[6:2] = 0x0123 and ether[8] = 0x45' should work.
--
Groeten,
Marco.
_______________________________________________ Ethereal-users mailing list [EMAIL PROTECTED] http://www.ethereal.com/mailman/listinfo/ethereal-users
