Hi All, I have checked and filter for Multicast is as follows eth.dst[0] & 1 and understand that this corresponds to checking least significant bit of first address byte set. But I do not understand the capture syntax. 1)What is eth.dst[0] & 1 What I can interpret is to check [0]-->Least significant bit What is the filter & 1 mean ( & is ??) Thanks asked 05 Dec '15, 11:01  rakeshreddy |
One Answer:
And the whole expression has a value of 0 if the least significant bit of the least significant byte is 0, which is interpreted as "false" and so packets with this (multicast) bit not set to 1 are not shown; the whole expression has a value of 1, which is interpreted as "true" and so the packets with this bit set to 1 are shown. Edit: taking up here a link to an article explaining the role of U/L and I/G bits from @rakeshreddy's comment below. answered 05 Dec '15, 11:18  sindy edited 05 Dec '15, 14:36 |
Hi Sindy,
Just one more question. I am a bit confused.
Say we have the mac address as 00:e0:52:00:00:00
From the above, can we say that this is not multicast as MSB is 0?
Thanks
Yes. In more detail, it is not a multicast MAC because bit 0 (the least significant bit) of its MSB (most significant byte) is 0, and it is a vendor-assigned address because bit 1 of the MSB is also 0.
What is the subject of your confusion?
(btw, off topic, thank you for giving me extra points for the answer, but to mark it as accepted for the sake of others asking a similar question, the "checkmark" icon is the right one to click. If you do that, the colour of the question in the list changes to indicate that it has at least one answer which was useful)
Hi Sindy,
Thanks for your answer.
With Example I found Below in case others look up on the same issue.
https://packetsdropped.wordpress.com/2011/01/13/mac-address-universally-or-locally-administered-bit-and-individualgroup-bit/
Thanks