I'm new to filters in wireshark. Any filter I try like tcp or http or ip clears all packets. I'm specifically trying to see only broadcasts with the filter eth.addr == ff:ff:ff:ff:ff:ff . Applying this filter clears all packets. When I remove the filter, I see all kinds of broadcast packets. I'm running wireshark 1.6.7 as root, capturing on wlan0.mon asked 08 Jun '12, 07:33 jbagg edited 08 Jun '12, 07:34 |
One Answer:
If you're capturing on the wlan0.mon interface, then your packets are probably not Ethernet encapsulated, but IEEE 802.11 encapsulated. Try a filter of Remember that you can always left-click within the packet details pane on the field that you are interested in and see what the filter name is for that field in the status bar. You can also right-click on the field and choose either the "Apply as Filter" or "Prepare a Filter" options from the menu to avoid some extra typing. answered 08 Jun '12, 07:55 cmaynard ♦♦ |
Thank you, wlan.addr works!