[Winpcap-users] strange filtering issue
Guy Harris
guy at alum.mit.edu
Thu May 1 22:43:01 UTC 2014
On May 1, 2014, at 3:38 PM, Jerry Riedel <riedel at codylabs.com> wrote:
> Yep. It looks like the issue may center around the question that Guy was asking about VLAN headers. I’m using Wireshark to view the capture file and it shows that the packets to the filtered host that are ending up in the file are just the packets where dst = 192.168.10.2 (src = 192.168.10.2 are missing) and these have a VLAN1 header for some reason. Looks like something upstream is adding a VLAN tag that shouldn’t be there and if I understand the reason for Guy’s question, the issue is the offset from the VLAN header being prepended to the packet.
So try
vlan and !host 192.168.10.2
(but it's odd that, when not saving to a file, you saw no VLAN packets to/from 192.168.10.2).
More information about the Winpcap-users
mailing list