skwear's profile - activity

overview network karma followed questions activity

2021-06-24 19:24:26 +0000	received badge	● Popular Question (source)
2021-06-24 19:24:26 +0000	received badge	● Notable Question (source)
2019-04-18 18:11:59 +0000	received badge	● Student (source)
2019-04-18 16:34:40 +0000	marked best answer	Capture filter for vlan tagged packets and non vlan tagged packets of specific ethertype I am trying to capture traffic of ethertype `0x88b8`. Some of them may be vlan tagged and some of them might not be, but the `and` and `or` operators are not behaving in the way I expect. My first attempt was this: `(vlan and ether proto 0x88b8) or ether proto 0x88b8` I tested this capture filter on two separate laptops simultaneously, one of which receives the vlan tagged packets and other which receives the non-tagged packets. In this case the one receiving the non-tagged packets received nothing. I dug around and found on the pcap filter man-page and found this: Negation has highest precedence. Alternation and concatenation have equal precedence and associate left to right. So I though order mattered somehow. So after a bit of trial-and-error I settled on this: `ether proto 0x88b8 or (vlan and ether proto 0x88b8)` and this worked on both laptops. Has my testing yielded the correct expression? Is it redundant in some way? Why are they different and why does the latter one work? Is there anything else I should be aware of?
2019-04-18 16:34:40 +0000	received badge	● Scholar (source)
2019-04-18 16:34:35 +0000	commented answer	Capture filter for vlan tagged packets and non vlan tagged packets of specific ethertype So the reason the second expression works is because I have the vlan keyword after the or? That makes a lot of sense. Th
2019-04-18 16:23:13 +0000	asked a question	Capture filter for vlan tagged packets and non vlan tagged packets of specific ethertype Capture filter for vlan tagged packets and non vlan tagged packets of specific ethertype I am trying to capture traffic