How to filter MAC addresses using tcpdump?
Problem description
I am running tcpdump on DD-WRT routers in order to capture uplink data from mobile phones. I would like to listen only to some mac addresses. To do this I tried to run the command using a syntax similar to Wireshark:
tcpdump -ipris0 ether src[0:3] 5c:95:ae -s0 -w |nc 192.168.1.147 31337
so that I can listen to all the devices that have as initial mac address 5c:95:ae.
The problem is that the syntax is wrong and I was wondering if anyone of you knows the right syntax to get what I want.
Recommended answer
With man pcap-filter I found this solution:
tcpdump "ether[6:2] == 0x5c95 and ether[8:1] == 0xae"
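The byte-offset filter from the answer above, generalized to any MAC prefix of 1 to 6 bytes and to source or destination, as an added example that is not part of the original answer. The helper name `oui_filter` is hypothetical, and the offsets assume an Ethernet link-layer header (destination MAC in bytes 0-5, source MAC in bytes 6-11).

```shell
#!/bin/sh
# oui_filter DIRECTION PREFIX   (hypothetical helper, added example)
# Prints a pcap-filter expression matching frames whose source or destination
# MAC address starts with PREFIX (1 to 6 colon-separated hex bytes).
oui_filter() {
    dir=$1
    prefix=$2
    case $dir in
        dst) off=0 ;;   # destination MAC: bytes 0-5 of the Ethernet header
        src) off=6 ;;   # source MAC: bytes 6-11
        *) echo "direction must be src or dst" >&2; return 1 ;;
    esac
    # Reject anything that is not 1-6 two-digit hex bytes, so no stray
    # characters end up inside the filter string handed to tcpdump.
    if ! printf '%s\n' "$prefix" | grep -Eq '^[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){0,5}$'; then
        echo "bad MAC prefix: $prefix" >&2
        return 1
    fi
    hex=$(printf '%s' "$prefix" | tr -d ':' | tr 'A-F' 'a-f')
    filter=""
    # Compare two bytes at a time, then a single trailing byte if the
    # prefix has an odd length (this yields the [6:2] + [8:1] split for an OUI).
    while [ -n "$hex" ]; do
        if [ "${#hex}" -ge 4 ]; then n=2; else n=1; fi
        chunk=$(printf '%s' "$hex" | cut -c1-$((n * 2)))
        hex=$(printf '%s' "$hex" | cut -c$((n * 2 + 1))-)
        filter="${filter:+$filter and }ether[$off:$n] == 0x$chunk"
        off=$((off + n))
    done
    printf '%s\n' "$filter"
}

# Prints: ether[6:2] == 0x5c95 and ether[8:1] == 0xae
oui_filter src 5c:95:ae
# Usage with a capture (IFACE is a placeholder for the capture interface):
#   tcpdump -i "$IFACE" -s0 -w - "$(oui_filter src 5c:95:ae)"
```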