tcpdump mailing list archives

Re: only outbound traffic

From: Seth Hall <seth () icir org>
Date: Mon, 2 May 2011 11:09:51 -0400


On Apr 29, 2011, at 3:34 AM, Andrej van der Zee wrote:

On Apr 29, 2011, at 2:13 AM, Guy Harris wrote:
Why would an "offset" keyword be better in the filtering language than, say, the "vlan" keyword it already has?  
You'd still have to do the same sort of special stuff, but it'd be a more manual operation.  (I.e., why would saying 
"offset {length of VLAN tag}" be better than "vlan"?)


Its more explicit too me. It is not really intuitive that "port 80 and vlan" and " vlan and port 80" gives different 
results, until you realize that vlan increases the ether type offset.



The real fun starts when you have traffic with both MPLS and VLAN tags. :)

  .Seth

--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro-ids.org/

-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.

Current thread:

only outbound traffic Andrej van der Zee (Apr 28)
- Re: only outbound traffic Andrej van der Zee (Apr 28)
  - Re: only outbound traffic Gerald Combs (Apr 28)
    - Re: only outbound traffic Andrej van der Zee (Apr 28)
    - Re: only outbound traffic Guy Harris (Apr 28)
    - Re: only outbound traffic Andrej van der Zee (Apr 29)
    - Re: only outbound traffic Seth Hall (May 02)