[Winpcap-users] strange filtering issue

Jerry Riedel riedel at codylabs.com
Mon May 5 16:12:18 UTC 2014



To filter out only packets to or from that host, and not filter out all non-tagged packets, do

	!host 192.168.10.2 or (vlan and !host 192.168.10.2)

> that does _not_ work - still get the packets that have the vlan header. I have seen tcpdump (and windump) references saying that the parentheses must be escaped and/or that the expression must be quoted; is that necessary with Windows?

>> To be more specific, with the filter expression string above, it is not filtering out packets where VLAN is true and destination host is 192.168.10.2. If I remove the parentheses and use !host 192.168.10.2 or vlan and !host 192.168.10.2, then it works.

FWIW, I did some more hunting and found some better documentation on windump that indicated that parentheses do not need to be escaped in Windows. As an experiment, I tried quoting the expression: using double quotes " had no effect, single quotes threw an error.
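
Added example (not part of the original message, and not WinPcap or libpcap code): a simplified Python model of two rules documented for pcap filter expressions, namely that `vlan` shifts the decoding offsets for the rest of the expression by 4 bytes, and that `and`/`or` have equal precedence and associate left to right. It evaluates both forms of the filter over constructed frames; the helper names and the IPv4-only `host` match are assumptions of this sketch.

```python
import socket
import struct

HOST = socket.inet_aton("192.168.10.2")

def frame(src, dst, vlan_id=None):
    """Constructed Ethernet + IPv4 header, optionally with an 802.1Q tag."""
    macs = b"\x02" * 6 + b"\x04" * 6
    tag = struct.pack("!HH", 0x8100, vlan_id) if vlan_id is not None else b""
    ip = bytes(12) + socket.inet_aton(src) + socket.inet_aton(dst)
    return macs + tag + struct.pack("!H", 0x0800) + ip

def is_vlan(pkt):
    """'vlan': EtherType at the normal offset is 802.1Q."""
    return pkt[12:14] == b"\x81\x00"

def host(pkt, shift):
    """'host 192.168.10.2' (IPv4 only), decoded `shift` bytes further in."""
    if pkt[12 + shift:14 + shift] != b"\x08\x00":
        return False  # not decoded as IPv4 at this offset, so no match
    return HOST in (pkt[26 + shift:30 + shift], pkt[30 + shift:34 + shift])

def with_parens(pkt):
    # !host H or (vlan and !host H): only the last term sees shifted offsets
    return (not host(pkt, 0)) or (is_vlan(pkt) and not host(pkt, 4))

def without_parens(pkt):
    # Parsed left to right as ((!host H or vlan) and !host H)
    return ((not host(pkt, 0)) or is_vlan(pkt)) and not host(pkt, 4)

SAMPLES = {  # constructed frames
    "untagged, to host": frame("192.168.10.9", "192.168.10.2"),
    "untagged, other": frame("192.168.10.9", "192.168.10.7"),
    "tagged, to host": frame("192.168.10.9", "192.168.10.2", vlan_id=100),
    "tagged, other": frame("192.168.10.9", "192.168.10.7", vlan_id=100),
}

def captured(filter_fn):
    """Names of the sample frames the filter lets through."""
    return [name for name, pkt in SAMPLES.items() if filter_fn(pkt)]

if __name__ == "__main__":
    print("with parentheses:   ", captured(with_parens))
    print("without parentheses:", captured(without_parens))
```

In this model the parenthesized form still passes the tagged frame addressed to 192.168.10.2, because its first `!host` term is decoded at untagged offsets and so never sees the IP header behind the tag.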

