This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Hello, i don't really get the syntax on the capture filter, how would this translate into capturing filter?

Thanks.

wlan.fc.type_subtype eq 4 and wlan.addr == ff:ff:ff:ff:ff:ff

asked 23 Sep '14, 19:08

pato-llaguno's gravatar image

pato-llaguno
11112
accept rate: 0%


4 is a probe request, and wlan.addr matches all possible MAC addresses, so that would be

subtype probe-req and (wlan addr1 ff:ff:ff:ff:ff:ff or wlan addr2 ff:ff:ff:ff:ff:ff or wlan addr3 ff:ff:ff:ff:ff:ff or wlan addr4 ff:ff:ff:ff:ff:ff)

although not all versions of libpcap support "wlan addrN".

permanent link

answered 02 Oct '14, 11:48

Guy%20Harris's gravatar image

Guy Harris ♦♦
17.4k335196
accept rate: 19%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×349
×19

question asked: 23 Sep '14, 19:08

question was seen: 1,210 times

last updated: 02 Oct '14, 11:48

p​o​w​e​r​e​d by O​S​Q​A