Comments by Jérôme Pinard 2021 (Top 2 by date)

Jérôme Pinard 2021 6-Oct-22 9:03am View

Finally found the solution for filtering incoming trafic from a specific mac vendor : ether [6:1] =0x00 and ether [7:1] =0x00 and ether [8:1] =0x0A

Jérôme Pinard 2021 6-Oct-22 8:50am View

Well in fact, this solution work as display filter, not as cpature filter.
The best I can get with capture filter is this expression, "ether[0:4] & 0xffffff00 = 0x00000a00"
but it only capture outgoing traffic to this mac address.
I tried to write "ether[6:4] & 0xffffff00 = 0x00000a00" because I've seen that on incoming fames, the mac address of my device was at the offset 6 but without success