Friday, January 25, 2013
BPF and VLAN
You've to be a bit careful with the vlan keyword as a BPF filter (when combining it with other filters), as it moves filters 4 bytes to the right, see here: http://www.christian-rossow.de/articles/tcpdump_filter_mixed_tagged_and_untagged_VLAN_traffic.php.
You could also use a filter of the ethernet header - this link describes the solution and potential issues perfectly: http://serverfault.com/questions/196250/tcpdump-capture-one-of-several-vlans.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment