nsamuel
Staff
Article Id 195904
Description
How to capture data from a single vendor's OUI

Scope

KB Article Type : Troubleshooting

Related Products: All Controllers

Related Software Versions: all

Keywords  : tshark, capture-packets, trace, capture, sniff


Solution
It is not uncommon for a problem to affect only a single type of device, e.g. Ascom phones. The following capture filter will capture only packets from a single vendor, in this example Realtek.

The commands below will capture DHCP traffic from all Realtek NICs on the meru interface.

Capture for an OUI from root:

tshark "ether [0:4] & 0xffffff00 = 0x5cac4c00" or "ether [6:4] & 0xffffff00 = 0x5cac4c00" and port 67 -i meru -w filename

Capture for an OUI from CLI:

capture-packets "ether [0:4] & 0xffffff00 = 0x5cac4c00" or "ether [6:4] & 0xffffff00 = 0x5cac4c00" and port 67 -i meru -w filename

To explain the format:

ether[0:4] – says we're looking at the 4 bytes starting at offset 0 of the Ethernet header, which is where the destination MAC address begins.

& 0xffffff00 is a mask saying match on the first 3 of those bytes (the OUI).

= 0x5cac4c00 is what to match on.

That covers the destination address. Here the 'or' connector was used to add the source address, which begins at offset 6 of the Ethernet header ([6:4]), and the 'and' connector to match on port 67 (bootp).
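An added example, not part of the original article: a Python helper that builds this capture filter for any vendor OUI and applies the same load, mask and compare to raw frames, with the destination MAC at offset 0 and the source MAC at offset 6 of the Ethernet header. The function names and sample frames are constructed for illustration, and the generated filter parenthesises the two address terms so the port test applies to both.

```python
import re
import struct

OUI_MASK = 0xFFFFFF00    # keep the first 3 of the 4 loaded bytes (the OUI)
DST_OFF, SRC_OFF = 0, 6  # Ethernet header: destination MAC, then source MAC

def parse_oui(oui):
    """'5c:ac:4c', '5C-AC-4C' or '5cac4c' -> 0x5cac4c00 (the compare value)."""
    digits = re.sub(r"[:.-]", "", oui.strip())
    if not re.fullmatch(r"[0-9a-fA-F]{6}", digits):
        raise ValueError("not a 3-byte OUI: %r" % oui)
    return int(digits, 16) << 8

def oui_capture_filter(oui, port=None):
    """Build the capture filter: OUI as destination or source, optional port."""
    value = parse_oui(oui)
    terms = ["ether[%d:4] & 0x%08x = 0x%08x" % (off, OUI_MASK, value)
             for off in (DST_OFF, SRC_OFF)]
    expr = "(" + " or ".join(terms) + ")"
    if port is not None:
        if not 0 < int(port) < 65536:
            raise ValueError("bad port: %r" % port)
        expr += " and port %d" % int(port)
    return expr

def frame_matches_oui(frame, oui, offsets=(DST_OFF, SRC_OFF)):
    """Apply the same load/mask/compare to a raw Ethernet frame."""
    value = parse_oui(oui)
    if len(frame) < 14:  # shorter than an Ethernet header
        return False
    return any((struct.unpack_from("!I", frame, off)[0] & OUI_MASK) == value
               for off in offsets)

def _frame(dst, src):
    """Constructed sample frame: dst MAC + src MAC + IPv4 EtherType + padding."""
    return bytes.fromhex(dst + src + "0800") + bytes(46)

# Constructed sample frames (not captured traffic).
FROM_VENDOR = _frame("ffffffffffff", "5cac4c010203")
TO_VENDOR = _frame("5cac4c010203", "001122334455")
OTHER = _frame("ffffffffffff", "001122334455")
# Bytes 5..7 are 5c ac 4c, so only a load at offset 5 would match this frame.
STRADDLE = _frame("00000000005c", "ac4c00112233")

if __name__ == "__main__":
    print(oui_capture_filter("5c:ac:4c", 67))
    for name in ("FROM_VENDOR", "TO_VENDOR", "OTHER", "STRADDLE"):
        print(name, frame_matches_oui(globals()[name], "5c:ac:4c"))
```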




