Filtering by mac is not working.

Works for me, what version of tshark and what shell are you running this in?

Hi grahamb, thanks for your quickly answer. I'm using terminator as shell and the version is "TShark (Wireshark) 2.2.2". I tried in a different PC and it worked, I'm wondering if it could be some library version. Any idea?

TShark (Wireshark) 2.2.2 (Git Rev Unknown from unknown)

Copyright 1998-2016 Gerald Combs [email protected] and contributors. License GPLv2+: GNU GPL version 2 or later http://www.gnu.org/licenses/old-licenses/gpl-2.0.html This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with libpcap, with POSIX capabilities (Linux), with libnl 3, with GLib 2.48.1, with zlib 1.2.8, with SMI 0.4.8, with c-ares 1.10.0, with Lua 5.2.4, with GnuTLS 3.4.10, with Gcrypt 1.6.5, with MIT Kerberos, with GeoIP, with nghttp2 1.7.1.

Running on Linux 4.4.0-51-generic, with locale LC_CTYPE=pt_BR.UTF-8, LC_NUMERIC=pt_BR.UTF-8, LC_TIME=pt_BR.UTF-8, LC_COLLATE=en_US.UTF-8, LC_MONETARY=pt_BR.UTF-8, LC_MESSAGES=en_US.UTF-8, LC_PAPER=pt_BR.UTF-8, LC_NAME=pt_BR.UTF-8, LC_ADDRESS=pt_BR.UTF-8, LC_TELEPHONE=pt_BR.UTF-8, LC_MEASUREMENT=pt_BR.UTF-8, LC_IDENTIFICATION=pt_BR.UTF-8, with libpcap version 1.7.4, with GnuTLS 3.4.10, with Gcrypt 1.6.5, with zlib 1.2.8.

Built using gcc 5.4.0 20160609.

Did you use the same shell on the other PC? I'm clutching at straws that it's an argument escaping error.

Yes, I used and I also tried a different shell, same thing.

Do you know what library is responsible to parse the eth parameters?