[c-nsp] finding unicast flooding in Wireshark sniff
Rogelio
scubacuda at gmail.com
Tue Jul 19 10:26:32 EDT 2011
Irina Arsenieva wrote:
> Hello there,
> I believe Wireshark display filter should look something like this:
> !(eth.ig == 1) and !(eth.dst == xx.yy.zz.tt.uu.vv),
> where
> !(eth.ig == 1) - excludes broadcast and multicast
> !(eth.dst == xx.yy.zz.tt.uu.vv) - excludes your router mac
> xx.yy.zz.tt.uu.vv
Thank you, Irina. I see the display filter, but don't see conditions
(i.e. WHERE statement), so I guess I'll just have export the results of
one set and run the 2nd filter on that set.
I will try that!
More information about the cisco-nsp
mailing list