Re: A broken filter...

[Dan Joumaa <nessup () gmail com>]

Hello,

I am trying to capture all ethernet packets with the source host's first 
3 octets being 00, 09, and bf. It was suggested that I used this filter: 
"ether[0] == 0x00 && ether[1] == 0x09 && ether[2] == 0xbf." When packets 
are sent that should match, nothing comes through. When I remove the 
filter, I'm able to receive the packets, along with every other packet.

What's wrong with my filter?

--ness

-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.