 | 1 | initial version |
As you noticed, combining BPF filters that contain different layers using the standard operators is not possible. But you can always turn to looking at data at specific offsets yourself. As that is what the compiling of your BPF filter basically does.
So, the simplest way would be to check for the IP addresses at the calculated offsets like: ether[34:4]=0x0a000001 or ether[42:4]=0x0a000001 I'm not sure if I calculated the offsets correctly for your case, but that is easy to verify in the hexdata).
Of course you can extend this to check for the vlan ethertype and pppos ethertype at the correct offsets for incoming and outgoing packets, but I leave that as an exercise to the reader ;-)
