Ah. And that is why we ask the questions. I didn't think of
moving farther down the stack for the capture filters.
Thanks to everyone who sent the idea.
Todd
On 8/1/2019 8:52 AM, Maynard, Chris via Wireshark-users wrote:
How about a capture filter such as this?
"vlan and not
How about a capture filter such as this?
"vlan and not (ether[14:2]&0x0fff = 20 or ether[14:2]&0x0fff = 30)"
- Chris
See also: https://ask.wireshark.org/question/3877/vlan-filter/
> -Original Message-
> From: Wireshark-users [mailto:wireshark-users-boun...@wireshark.org] On
> Behalf
Hi,
For this you have to go lower in the stack and access the packet bytes directly.
Have a look at proto [ expr : size ], where proto is ether. Now you can access
the bytes in the ethernet frame directly.
So start looking for 8100 as the ethertype, then extend the expression to make
