I am trying to filter through traffic that may or may not have a VN-Tag present. As this tag sits between the Ethernet and IP protocol sections it is messing up pcap filter elements. How do I go about working around these tags?
asked 19 May '16, 10:35
edited 19 May '16, 12:56
You could use
answered 19 May '16, 14:10
Okay, then this looks like it doesn't work as it should, and you're talking about capture filter syntax a.k.a. BPF. Maybe you can work around using display filtering instead? If Wireshark can decode the VN-Tag it should be able to use display filters as usual.
I'm not sure if it's the right place to open a bug report regaring capture filters, but you could head over to https://bugs.wireshark.org to create one.
answered 19 May '16, 12:56
For a pcap filter XXX, if you want to capture those packets regardless of whether the packets are VLAN-tagged or not, you do
answered 19 May '16, 15:16
Guy Harris ♦♦