capture filter "vlan and stp" showing nothing

asked 2019-03-06 00:50:31 +0000

surenets
1 ●1 ●2

What am I doing wrong? I have a dot1q trunk and am trying to capture stp traffic only. I use the filter "vlan and stp" and get nothing. but if I capture traffic with no capture filter and use "stp" as a display filter I see all the stp packets with their 802.1q tags.

all the traffic on this trunk is 802.1q tagged ...

thanks for any help ... I'm a noob. ;-)

edit retag flag offensive close merge delete

Comments

update:

vlan part of the filter works ... I sniffed without tags and capture of stp still doesn't work
stp packets I'm seeing are pvst stuff, display filter recognizes them
the BPF code lets me know that the capture filter doesn't recognize this form of stp:

(000) ldh [12]

(001) jgt #0x5dc jt 5 jf 2 (checks that the packets are 1500 bytes or less)

(002) ldb [14]

(003) jeq #0x42 jt 4 jf 5 (spanning tree SAP)

(004) ret #262144

(005) ret #0

but the packets for RPVST have SNAP PID of 0x010B

I'm guessing, but is there a way to capture filter based on the SNAP PID?

Apparently the display filtering system knows how to do it, but the capture filtering doesn't.

surenets ( 2019-03-06 03:34:45 +0000 )edit

add a comment

Comments

thank you ... I added a filter "vlan and ether[18:2]=0xaaaa" and limited my capture to SNAP and that's good enough for what I'm doing.

surenets ( 2019-03-06 18:51:52 +0000 )edit

add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

capture filter "vlan and stp" showing nothing

Comments

1 Answer

Comments

Your Answer

Question Tools

Stats

capture filter "vlan and stp" showing nothing edit

Comments

1 Answer

Comments

Your Answer

Question Tools

Stats

capture filter "vlan and stp" showing nothing