To filter out only packets to or from that host, and not filter out all
non-tagged packets, do
!host 192.168.10.2 or (vlan and !host 192.168.10.2)
> that does _not_ work - still get the packets that have the vlan header. I
> have seen tcpdump (and windump) references saying that the parentheses must
> be escaped and/or that the expression must be quoted; is that necessary with
> Windows?
>> to more specific, with the filter expression string above, it is not
>> filtering out packets where VLAN is true and destination host is
>> 192.168.10.2. If I remove the parentheses and use !host 192.168.10.2 or vlan
>> and !host 192.168.10.2, then it works.
FWIW, I did some more hunting and found some better documentation on windump
that indicated that parentheses do not need to be escaped in Windows. As an
experiment, I tried quoting the expression: using double quotes " had no
effect, single quotes threw an error.
_______________________________________________
Winpcap-users mailing list
[email protected]
https://www.winpcap.org/mailman/listinfo/winpcap-users
