FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Debian > Debian User

 
 
LinkBack Thread Tools
 
Old 10-05-2011, 05:26 AM
Muhammad Fahad
 
Default Please help to find the proper filter string for vlan packet

Hello All*
* I am writing a scripts to filter procedure with protocol field, when i tried to filter the capture with vlan packet its throwing an error message "tshark: Neither "eth.vlan.tpid" nor "0x8100" are field or protocol names."
Can any one help to find the proper filter name for vlan(priority) packet on*Debian**
root@ZBF-PWE2:/home/oauser# sudo tshark -r monitor.pcap1 -w monitor_test.pcap -R "(ip.src == 40.40.40.2) && (ip.dsfield.dscp == 0x05)"
Running as user "root" and group "root". This could be dangerous.root@ZBF-PWE2:/home/oauser# tshark -r monitor_test.pcapRunning as user "root" and group "root". This could be dangerous.
* 1 * 0.000000 Intel_a5:8c:39 -> Intel_a5:8c:7a IP [Packet size limited during capture]* 2 * 1.000375 Intel_a5:8c:39 -> Intel_a5:8c:7a IP [Packet size limited during capture]* 3 * 2.000716 Intel_a5:8c:39 -> Intel_a5:8c:7a IP [Packet size limited during capture]
* 4 * 3.002074 Intel_a5:8c:39 -> Intel_a5:8c:7a IP [Packet size limited during capture]* 5 * 3.010134 Intel_a5:8c:39 -> Intel_a5:8c:7a ARP [Packet size limited during capture]* 6 * 4.003436 Intel_a5:8c:39 -> Intel_a5:8c:7a IP [Packet size limited during capture]
* 7 * 5.004796 Intel_a5:8c:39 -> Intel_a5:8c:7a IP [Packet size limited during capture]* 8 * 6.006171 Intel_a5:8c:39 -> Intel_a5:8c:7a IP [Packet size limited during capture]* 9 * 7.007515 Intel_a5:8c:39 -> Intel_a5:8c:7a IP [Packet size limited during capture]
root@ZBF-PWE2:/home/oauser# sudo tshark -r monitor.pcap1 -w monitor_test.pcap -R "(ip.src == 40.40.40.2) && (eth.vlan.pri == 0)"

tshark: Neither "eth.vlan.pri" nor "0" are field or protocol names.
root@ZBF-PWE2:/home/oauser# sudo tshark -r monitor.pcap1 -w monitor_test.pcap -R "(eth.vlan.tpid == 0x8100) && (eth.vlan.pri == 0)"

tshark: Neither "eth.vlan.tpid" nor "0x8100" are field or protocol names.
root@ZBF-PWE2:/home/oauser# ^C

root@ZBF-PWE2:/home/oauser# tshark -v
TShark 1.4.6
Copyright 1998-2011 Gerald Combs <gerald@wireshark.org> and contributors.This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled (32-bit) with GLib 2.28.6, with libpcap 1.1.1, with libz 1.2.3.4, withPOSIX capabilities (Linux), without libpcre, with SMI 0.4.8, with c-ares 1.7.4,
with Lua 5.1, without Python, with GnuTLS 2.10.5, with Gcrypt 1.4.6, with MITKerberos, with GeoIP.
Running on Linux 2.6.32-5-686, with libpcap version 1.1.1, with libz 1.2.3.4.

Built using gcc 4.5.2.root@ZBF-PWE2:/home/oauser#
--
Muhammad Fahad.k
+919844164764
+919663385645
"Knowledge is not what is memorised.
Knowledge is what benefits."
 

Thread Tools




All times are GMT. The time now is 03:18 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org