display filter syntax is described in
http://www.wireshark.org/docs/man-pages/wireshark-filter.html
(which BTW is included in wireshark's distribution)
if you know the source mac always ends in 0007 the filter would be:
eth.src[4:2] == 00:07
On 5/4/07, Tom Greaser <tgreaser@xxxxxxxxxxx> wrote:
Im weak at filters...
can someone point me in a good direction.. Im trying to find a LAYER 2
multicast issue
on the network. that ask luck would have it.. pops up at different
times every day..
The only reason i know of this "issue" some of the switches log the
error..
C4K_L2MAN-6-INVALIDSOURCEADDRESSPACKET
and Cisco's fix.. find the sender and fix it..
so im trying to track it down.. but .. i get a few different multicast
souce addresses
How can i set my capture to allow me to put in just part of the
ethernet address ?
i read the wiki and since i have HIGH volumes of data (gig links
running at 15-50 meg)
id like to do more than just the filter "mulitcast"
i will if i have too..
i know the source mac always ends in 0007
Thanks for any help / direction..
_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-users
--
This information is top security. When you have read it, destroy yourself.
-- Marshall McLuhan
