Before I set filters,I can capture traffics ,such as: But after I set a TCP filters,I capture nothing,such as: Does anyone know what happened and how to fix it? Thanks a lot asked 03 Jan '15, 02:18  obo |
One Answer:
Capture filters are fairly simple compared to display filters, due to the need for performance. They're really BPF filters. When you use a capture filter of "tcp", the resultant filter logic expects to see that transport type at specific offsets in packets - for example it expects to see the IP header at a specific offset relative to the Ethernet header, and the IP header's protocol field at a specific offset to determine tcp vs. udp and so on. In your case you're not running "normal" IP over Ethernet - you're running PPP over Ethernet. So I believe you need to tell the capture filter to account for that change in offsets due to PPPoE, by using the filter " answered 03 Jan '15, 09:42  Hadriel |
Yes,I'm running PPP over Ethernet.Your method works.thank you.