Ethereal: Re: [Ethereal-users] getting MAC addresses from ethereal

Ethereal-users: January 2002

Subject: Re: [Ethereal-users] getting MAC addresses from ethereal
From: Rakesh Arora <rake_arora@xxxxxxxxx>
Date: Sun, 27 Jan 2002 21:12:53 -0800 (PST)

> '!(ether[0:2] = 0x0002 and ether[2] = 0x2d) and
> !(ether[0:2] = 0x0050 and ether[2] = 0x8b)' I think.
> But double check my boolean logic; it's
> rusty and it's almost 2:30 AM here :-).

Thanks Marco. I should be able to combine the third
byte with the first two bytes. If so, my capture
expression would look like:
!(ether[6:3] = 0x00022d) and !(ether[6:3]=0x00508b).
Is this right? (I am looking at the source addresses,
so it is at an offset of 6)

Thanks,
rakesh

__________________________________________________
Do You Yahoo!?
Great stuff seeking new owners in Yahoo! Auctions! 
http://auctions.yahoo.com

Follow-Ups:
- Re: [Ethereal-users] getting MAC addresses from ethereal
  - From: M.C. van den Bovenkamp

References:
- Re: [Ethereal-users] getting MAC addresses from ethereal
  - From: M.C. van den Bovenkamp

Prev by Date: [Ethereal-users] Save as my own file format?
Next by Date: Re: [Ethereal-users] getting MAC addresses from ethereal
Previous by thread: Re: [Ethereal-users] getting MAC addresses from ethereal
Next by thread: Re: [Ethereal-users] getting MAC addresses from ethereal
Index(es):
- Date
- Thread