Wireshark mailing list archives

Re: filter out PVST packets?


From: Guy Harris <guy () alum mit edu>
Date: Fri, 28 Oct 2011 01:15:27 -0700


On Oct 27, 2011, at 10:51 PM, Guy Harris wrote:

PVSTP+ does *NOT* use the standard Ethernet type or LLC SAP for STP; instead, it uses SNAP and an OUI of 00:00:0C and 
a protocol ID of 0x010b.  Unfortunately, there's no simple primitive to check for SNAP+{OUI}+{Protocol ID}.  The way 
you do that is dependent on the link layer type; for Ethernet I think it'd be

      ether[12:2] <= 1500 and ether[14:4] == 0xaaaa0300 and ether[18:4] == 0x000c010b

Err, sorry, that's

        not (ether[12:2] <= 1500 and ether[14:4] == 0xaaaa0300 and ether[18:4] == 0x000c010b)

if you *don't* want PVST+.  If you don't want STP *or* PVST+, it's

        not stp and not (ether[12:2] <= 1500 and ether[14:4] == 0xaaaa0300 and ether[18:4] == 0x000c010b)
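
The byte tests in the filter above, written out in Python as an added example that is not part of the original post. The function names and the sample frames are constructed for illustration; `classify` goes one step beyond the filter by stepping over a single 802.1Q tag, which shifts the LLC/SNAP header by four bytes when the capture retains the tag.

```python
import struct

# Constants from the post: SNAP LLC header, Cisco OUI 00:00:0C, PVST+ PID 0x010b.
SNAP_HDR = bytes.fromhex("aaaa03" "00000c" "010b")
STP_SAP = bytes.fromhex("4242")   # IEEE STP uses LLC SAP 0x42, not SNAP

def fixed_offset_match(frame: bytes) -> bool:
    """Same byte tests as the capture filter: ether[12:2], ether[14:4], ether[18:4]."""
    if len(frame) < 22:
        return False
    length, a, b = struct.unpack_from("!HII", frame, 12)
    return length <= 1500 and a == 0xAAAA0300 and b == 0x000C010B

def classify(frame: bytes) -> str:
    """Return 'pvst+', 'stp' or 'other'; also steps over one 802.1Q tag."""
    off = 12
    if frame[off:off + 2] == b"\x81\x00":   # tagged: skip TPID + TCI
        off += 4
    if len(frame) < off + 2:
        return "other"
    (type_len,) = struct.unpack_from("!H", frame, off)
    if type_len > 1500:                     # Ethernet II type, not 802.3 length
        return "other"
    llc = frame[off + 2:off + 10]           # LLC (3) + SNAP OUI (3) + PID (2)
    if llc == SNAP_HDR:
        return "pvst+"
    if llc[:2] == STP_SAP:
        return "stp"
    return "other"

def make_frame(dst: str, body: bytes, tag: bytes = b"") -> bytes:
    """Build a constructed 802.3 frame (fixed sample source MAC)."""
    return (bytes.fromhex(dst) + bytes.fromhex("020000000001") + tag
            + struct.pack("!H", len(body)) + body)

BPDU = bytes(35)  # constructed placeholder BPDU body, contents not inspected
SAMPLES = {       # all frames below are constructed samples
    "pvst_untagged": make_frame("01000ccccccd", SNAP_HDR + BPDU),
    "pvst_tagged": make_frame("01000ccccccd", SNAP_HDR + BPDU,
                              tag=bytes.fromhex("8100000a")),
    "ieee_stp": make_frame("0180c2000000", bytes.fromhex("424203") + BPDU),
    "ipv4": bytes.fromhex("ffffffffffff" "020000000001" "0800") + bytes(20),
}

if __name__ == "__main__":
    for name, frame in SAMPLES.items():
        print(f"{name:14} fixed={fixed_offset_match(frame)!s:5} -> {classify(frame)}")
```

On the tagged sample the fixed-offset test returns False because bytes 12-13 hold 0x8100 rather than an 802.3 length, while `classify` still reports `pvst+`.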