You've to be a bit careful with the vlan keyword as a BPF filter (when combining it with other filters), as it moves filters 4 bytes to the right, see here:
http://www.christian-rossow.de/articles/tcpdump_filter_mixed_tagged_and_untagged_VLAN_traffic.php.
You could also use a filter of the ethernet header - this link describes the solution and potential issues perfectly:
http://serverfault.com/questions/196250/tcpdump-capture-one-of-several-vlans.
No comments:
Post a Comment