So I have some capture files and I I'd like to view only traffic to/from a specific MAC address.
First I tried highlighting one the packets from my desired source and selecting right menu apply as filter. This set the display filter to be "eth.addr eq 78:bd:bc:5f:3a:07". But that shows no packets at all.
It turns out that my capture is from Linux and contains sll pseudo-link-layer info. I found that a filter like this works: "sll.src.eth == 78:bd:bc:5f:3a:07"
But how can I filter for that MAC as both source and destination? There doesn't seem to be the corresponding "sll.dst" (or dest) syntax/taxonomy. What am I missing?
(FYI, looking for traffic from a device that apparently registered itself with our routers DNS service as having the name "localhost" ! So far it seems to broadcast a lot to UDP port 15600.)
Cheers, Robb.
