Hi all.

I am running tcpdump on DD-WRT routers in order to capture uplink data from mobile phones. I would like to listen only to some MAC addresses. To do this I tried to run the command using a syntax similar to Wireshark:

tcpdump -i prism0 ether src[0:3] 5c:95:ae -s0 -w | nc 192.168.1.147 31337

so that I can listen to all the devices that have as initial MAC address

The problem is that the syntax is wrong and I was wondering if any of you knows the right syntax to get what I want.

Thanks in advance for the help!!! Looking forward to hearing from you,
Giovanni

asked 26 Oct '12, 05:14 Giovanni Soldi
One Answer:
Yes, somebody knows - the person named "graphite" does. And, no, you do not need "src" in the filter he/she lists - see my follow-up comment to your comment.

answered 26 Oct '12, 18:19 Guy Harris
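
An added example, not part of the original thread and not necessarily the filter the answer refers to: a shell helper that builds a byte-offset capture filter for a three-byte MAC prefix. pcap filters load 1, 2 or 4 bytes at a time, so it loads four bytes and masks off the last one. The name `oui_filter` is hypothetical, and the offsets are assumptions about the link type: 6 is the Ethernet source address, 10 is address 2 (the transmitter) of an 802.11 header, which is assumed to be what a monitor interface such as prism0 delivers.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from the thread).
# oui_filter OUI [OFFSET]
#   OUI    - first three bytes of the MAC address, e.g. 5c:95:ae
#   OFFSET - byte offset of the address inside the link-layer header:
#            6  = Ethernet source address (default)
#            10 = 802.11 address 2 / transmitter (assumed for monitor-mode captures)
oui_filter() {
    oui=$1
    offset=${2:-6}

    # Accept exactly three colon-separated hex bytes.
    case $oui in
        [0-9A-Fa-f][0-9A-Fa-f]:[0-9A-Fa-f][0-9A-Fa-f]:[0-9A-Fa-f][0-9A-Fa-f]) ;;
        *) echo "oui_filter: expected xx:xx:xx, got '$oui'" >&2; return 1 ;;
    esac

    # The offset must be a plain decimal number.
    case $offset in
        ''|*[!0-9]*) echo "oui_filter: offset must be a number" >&2; return 1 ;;
    esac

    # 5c:95:ae -> 5c95ae (lower-cased so the output is stable).
    hex=$(printf '%s' "$oui" | tr -d ':' | tr 'A-F' 'a-f')

    # Load 4 bytes at OFFSET, mask off the 4th, compare with the prefix.
    printf 'ether[%s:4] & 0xffffff00 = 0x%s00\n' "$offset" "$hex"
}

# Usage (the filter must reach tcpdump as one quoted argument because of '&';
# '-w -' writes the capture to standard output for the pipe):
#   tcpdump -i prism0 -s0 -w - "$(oui_filter 5c:95:ae 10)" | nc 192.168.1.147 31337
```

Running `tcpdump -d` with the generated expression on the target interface shows whether the filter compiles for that interface's link type before any capture is started.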