Dear all Using ubuntu 20.04 to capture traffic which have : vlan and pppoes tag witch -f like below :
dumpcap -f "vlan and pppoes and tcp" - i enp7s0
The dumpcap reponse with warning and no packet captured
Warning: Kernel filter failed: Invalid argument
the packet look like this :
Does any one have solution for this ? Thank you so much
This is not a Wireshark issue.
I can reproduce this on my Ubuntu 20.04 VM with tcpdump:
$ sudo tcpdump -i ens33 "vlan and pppoes and tcp"
Warning: Kernel filter failed: Invalid argument
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens33, link-type EN10MB (Ethernet), capture size 262144 bytes
^C
0 packets captured
11 packets received by filter
0 packets dropped by kernel
Please file an issue on the libpcap issue list (and send a heartfelt "thank you!" to the Linux networking stack developers for the "extract VLAN tags from the packet and stuff them into skbuff metadata, so anything doing packet filtering and packet capture has to work around this packet mutilation" part of the kernel code).
Asked: 2022-04-06 10:10:28 +0000
Seen: 189 times
Last updated: Apr 07 '22
Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
Can you add the
dumpcap -vanddumpcap -f "vlan and pppoes and tcp" -i enp7s0 -doutput to the question?