This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

convert visual filter to capture filter

0

Hello, I don't really get the syntax on the capture filter; how would this translate into a capture filter?

Thanks.

wlan.fc.type_subtype eq 4 and wlan.addr == ff:ff:ff:ff:ff:ff

asked 23 Sep '14, 19:08


pato-llaguno
accept rate: 0%


One Answer:

0

4 is a probe request, and wlan.addr matches all possible MAC addresses, so that would be

subtype probe-req and (wlan addr1 ff:ff:ff:ff:ff:ff or wlan addr2 ff:ff:ff:ff:ff:ff or wlan addr3 ff:ff:ff:ff:ff:ff or wlan addr4 ff:ff:ff:ff:ff:ff)

although not all versions of libpcap support "wlan addrN".

answered 02 Oct '14, 11:48


Guy Harris ♦♦
accept rate: 19%
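What the display filter and the capture filter in this thread both test, written out as an added Python example (not part of the original question or answer): it reads the frame-control byte and the address fields of a bare 802.11 header (no radiotap) and applies the same predicate. The helper names, MAC addresses and sample frames are constructed for illustration, and control-frame handling is simplified to the common subtypes.

```python
BROADCAST = bytes.fromhex("ffffffffffff")
PROBE_REQ = 0x04  # Wireshark's wlan.fc.type_subtype is (type << 4) | subtype

def type_subtype(frame):
    """Combine the 2-bit type and 4-bit subtype from frame-control byte 0."""
    fc0 = frame[0]
    return (((fc0 >> 2) & 0x3) << 4) | ((fc0 >> 4) & 0xF)

def addresses(frame):
    """Return the address fields that are actually present in this header."""
    ftype = (frame[0] >> 2) & 0x3
    subtype = (frame[0] >> 4) & 0xF
    ds_bits = frame[1] & 0x3               # ToDS | FromDS
    if ftype == 1:                         # control: CTS/ACK carry addr1 only
        offsets = [4] if subtype in (12, 13) else [4, 10]
    else:                                  # management and data: addr1..addr3
        offsets = [4, 10, 16]
        if ftype == 2 and ds_bits == 0x3:  # addr4 only when ToDS and FromDS are set
            offsets.append(24)
    return [frame[o:o + 6] for o in offsets if len(frame) >= o + 6]

def matches(frame):
    """Probe request with the broadcast address in any address field."""
    if len(frame) < 2:
        return False
    return type_subtype(frame) == PROBE_REQ and BROADCAST in addresses(frame)

def mgmt(subtype, addr1, addr2, addr3):
    """Build a constructed management header: FC, duration, 3 addresses, seq."""
    return bytes([subtype << 4, 0]) + b"\x00\x00" + addr1 + addr2 + addr3 + b"\x00\x00"

# Constructed sample frames (locally administered MACs, not real devices).
STA = bytes.fromhex("020000000001")
AP = bytes.fromhex("020000000002")
SAMPLES = {
    "broadcast probe-req": mgmt(4, BROADCAST, STA, BROADCAST),
    "directed probe-req": mgmt(4, AP, STA, AP),
    "beacon": mgmt(8, BROADCAST, AP, AP),
}

if __name__ == "__main__":
    for name, frame in SAMPLES.items():
        print(f"{name:20} type_subtype={type_subtype(frame):#04x} match={matches(frame)}")
```
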