如何使用 tcpdump 过滤 MAC 地址? [英] How to filter MAC addresses using tcpdump?

问题描述

我在 DD-WRT 路由器上运行 tcpdump 以从手机捕获上行链路数据.我只想听一些mac地址.为此，我尝试使用类似于 Wireshark 的语法运行该命令:

I am running tcpdump on DD-WRT routers in order to capture uplink data from mobile phones. I would like to listen only to some mac addresses. To do this I tried to run the command using a syntax similar to Wireshark:

tcpdump -ipris0 ether src[0:3] 5c:95:ae -s0 -w |nc 192.168.1.147 31337

这样我就可以监听所有具有初始 mac 地址 5c:95:ae 的设备.

so that I can listen to all the devices that have as initial mac address 5c:95:ae.

问题是语法错误，我想知道你们中是否有人知道正确的语法来获得我想要的东西.

The problem is that the syntax is wrong and I was wondering if anyone of you knows the right syntax to get what I want.

推荐答案

使用 man pcap-filter 我找到了这个解决方案:

With man pcap-filter I found this solution:

tcpdump "ether[6:2] == 0x5c95 and ether[8:1] == 0xae"

这篇关于如何使用 tcpdump 过滤 MAC 地址?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！