Guy Harris wrote:
On Jul 31, 2008, at 10:48 AM, U. George wrote:
why does adding the "PORT" conditional also modify the wild-card
aspects of "ethernet type"
To what "wild-card aspects of 'ethernet type'" are you referring?
If you say "port domain", that can only match TCP or UDP packets, which
means it can only match IP packets, which means it *cannot* match
arbitrary Ethernet types.
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
if i say this:
tcpdump -n -v -i eth1
i get a log of: ether type * and port *, ie the PPPoE data.
If i say
tcpdump -n -v -i eth1 port domain
i get a filter of ether (type UDP or TCP) and port domain, and no PPPoE data
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
