tcpdump mailing list archives

Re: Sniffing inbound ethernet frames only

From: Jefferson Ogata <Jefferson.Ogata () noaa gov>
Date: Mon, 23 Oct 2006 15:27:18 +0000

On 2006-10-23 15:13, Jost-DVSB () t-online de wrote:

Jefferson Ogata wrote:

Have you tried

left window: not ether src mac:addr:of:eth0
right window: not ether src mac:addr:of:eth1


Hello Jefferson,

thanks for the quick response.
Is there a per process filtering or is there
one kernel filter for all processes? In the latter
case the filter rule of the second invocation
of tcpdump would overwrite the rule of the
first invocation of tcpdump, isn't it?


Filtering is per process, or really per raw socket.

-- 
Jefferson Ogata <Jefferson.Ogata () noaa gov>
NOAA Computer Incident Response Team (N-CIRT) <ncirt () noaa gov>
"Never try to retrieve anything from a bear."--National Park Service
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.

Current thread:

Sniffing inbound ethernet frames only Jost-DVSB (Oct 21)
- Re: Sniffing inbound ethernet frames only Jefferson Ogata (Oct 21)
  - Re: Sniffing inbound ethernet frames only Jost-DVSB (Oct 23)
    - Re: Sniffing inbound ethernet frames only Jefferson Ogata (Oct 23)
    - why not filtering at driver level ? madhuresh (Oct 23)
    - Re: why not filtering at driver level ? Guy Harris (Oct 23)
    - Re: why not filtering at driver level ? madhuresh (Oct 23)
    - Re: why not filtering at driver level ? Guy Harris (Oct 23)
    - Re: why not filtering at driver level ? madhuresh (Oct 23)
    - Re: why not filtering at driver level ? Guy Harris (Oct 23)
    - Re: why not filtering at driver level ? Guy Harris (Oct 23)
    - Re: why not filtering at driver level ? Jefferson Ogata (Oct 23)
    - Re: why not filtering at driver level ? Jefferson Ogata (Oct 23)
  - Re: Sniffing inbound ethernet frames only Jost-DVSB (Oct 26)

(Thread continues...)