 | 1 | initial version |
What am I doing wrong?
Trying to filter traffic on a network with VLANs.
vlan 70 or vlan 90
Unfortunately, "vlan" is handled in a fashion that causes all filters after a "vlan N" filter to assume the packet is already in a VLAN, so the checks affect the header inside the VLAN header.
I.e., it means that the "vlan 90" test doesn't test the outer VLAN header, it tests a VLAN header inside the "vlan 70" header.
Yes, this is a libpcap/WinPcap/Npcap bug.
Unfortunately, there's no easy workaround.
icmp
Are the replies going over a VLAN and the requests not going over a VLAN? If so, you need to do icmp or (vlan and icmp). More of the pain from the way "vlan" is handled.
not ip
Is the IP traffic you're seeing either 1) IPv6 traffic or 2) VLAN traffic?
If it's IPv6 traffic, you need not ip and not ip6.
If it's VLAN traffic, I'm not sure there's a workaround.
Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
