Is it possible to set a Capture Filter for a specific MAC address destination and for only frames that contain HTTP data?
When I try the filter "-f wlan.da==XX:XX:XX:XX:XX:XX", tshark returns the error "Invalid capture filter "wlan.da==68:9C:70:28:FF:C0" for interface".
This works as a Display Filter. Is there an advantage to a Capture Filter over a Display Filter?
I haven't been able to find anything for the HTTP Data filter.
asked 05 Nov '14, 09:57
will get you all traffic to or from TCP port 80 and to MAC address 68:9C:70:28:FF:C0. You can add other ports, e.g.
The packets are discarded very early in the capture process, so that if the network on which you're capturing is a very high-traffic network, you're less likely to drop packets, as the packets deemed un-interesting are discarded before they take up space in the system's packet capture buffer.
answered 05 Nov '14, 21:24
Guy Harris ♦♦
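
Added example, not part of the original answer: capture filters (-f) take pcap-filter syntax such as "wlan dst" and "tcp port" rather than display-filter field names such as wlan.da, and pcap-filter has no http keyword, so HTTP is selected here by TCP port. The helper function names, the interface name wlan0 and the extra port 8080 are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example: the same selection written as a capture filter (pcap-filter
# syntax) and as a display filter. Helper names are hypothetical.

# True if $1 is six colon-separated hex octets.
is_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# build_capture_filter MAC PORT [PORT...]
# Prints a pcap-filter expression: destination MAC plus any listed TCP port.
build_capture_filter() {
    mac=$1
    shift
    is_mac "$mac" || { echo "invalid MAC: $mac" >&2; return 1; }
    [ "$#" -gt 0 ] || { echo "need at least one TCP port" >&2; return 1; }
    ports=
    for p in "$@"; do
        case $p in
            ''|*[!0-9]*) echo "invalid port: $p" >&2; return 1 ;;
        esac
        if [ "$p" -lt 1 ] || [ "$p" -gt 65535 ]; then
            echo "port out of range: $p" >&2; return 1
        fi
        # Join the per-port terms with "or".
        ports="${ports:+$ports or }tcp port $p"
    done
    printf 'wlan dst %s and (%s)\n' "$mac" "$ports"
}

# build_display_filter MAC
# Prints the display-filter form, which can name the HTTP dissector directly.
build_display_filter() {
    is_mac "$1" || { echo "invalid MAC: $1" >&2; return 1; }
    printf 'wlan.da == %s && http\n' "$1"
}

# MAC taken from the question; wlan0 and port 8080 are assumed values.
mac_addr=68:9C:70:28:FF:C0
echo "tshark -i wlan0 -f \"$(build_capture_filter "$mac_addr" 80 8080)\""
echo "tshark -i wlan0 -Y \"$(build_display_filter "$mac_addr")\""
```

The script only prints the two tshark command lines; passing a display-filter string such as wlan.da==... to build_capture_filter is rejected as an invalid MAC.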