Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

As mentioned in the wireshark-filter man page, the matches (or ~) operator "is only implemented for protocols and for protocol fields with a text string representation.", of which the Ethernet source and destination MAC addresses are not.

In any case, I think you can use the slice operator to achieve your goal, for example:

eth.addr[0:3] == 00:0c:29