This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

all traffic except the list of mac address

0

hello

how i can write right caputre filter to pick all the traffic except the follow mac addresses?

asked 24 Oct '17, 02:11

scanman's gravatar image

scanman
16335
accept rate: 0%


2 Answers:

1

The capture filter for a MAC address is in the form of ether host xx:xx:xx:xx:xx:xx where x is a hexadecimal digit.

To combine multiple addresses and then exclude them, firstly "or" them together and then negate the entire list, e.g.

!(ether host 12:34:56:78:9A:BC or aa:bb:cc:dd:ee:ff or ff:ff:ff:ff:ff:ff)

answered 24 Oct '17, 04:48

grahamb's gravatar image

grahamb ♦
19.8k330206
accept rate: 22%

0

Depending on your exact requirements it would be something like this:

not ether host 00:01:02:03:04:05 and not ether host 00:06:07:08:09:0A

but you can check the Wiki for more details.

answered 24 Oct '17, 04:35

Jaap's gravatar image

Jaap ♦
11.7k16101
accept rate: 14%

thank you alot )

(24 Oct '17, 04:51) scanman