Ask Your Question
0

Establishing a display filter that hides VMWare frames and packets.

asked 2018-08-30 15:30:51 +0000

greenfreq gravatar image

I've been trying to figure out a display filter that will allow me to hide packets from VMWare. I've tried using eth.addr but without success. eth.addr matches "^00:0c:29:" would in my mind check that the first three bytes matched; however, this does not appear to be the case. Any ideas on how to make this work?

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted
1

answered 2018-08-30 16:09:09 +0000

cmaynard gravatar image

As mentioned in the wireshark-filter man page, the matches (or ~) operator "is only implemented for protocols and for protocol fields with a text string representation.", of which the Ethernet source and destination MAC addresses are not.

In any case, I think you can use the slice operator to achieve your goal, for example:

eth.addr[0:3] == 00:0c:29
edit flag offensive delete link more

Comments

Thank you. the slice suggestion appears to work for my purposes.

greenfreq gravatar imagegreenfreq ( 2018-08-30 16:49:44 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2018-08-30 15:30:51 +0000

Seen: 415 times

Last updated: Aug 30 '18