On May 5, 2014, at 12:38 PM, Jerry Riedel <[email protected]> wrote:
> !host 192.168.10.2 and !host 192.168.0.3 and !port 161 or vlan and !host
> 192.168.10.2 and !host 192.168.0.3 and !port 161 - this string excludes both
> hosts and port 161 from packets with and without the vlan tag.
>
> Beyond confirming that using parentheses had an undesirable effect on the
> filter logic I did not do further testing to sort that one out.

Yes, that's the issue.

> Based on my testing, it does seem that this is a case where the Windows port
> differs from the *nix implementation of tcpdump.

What testing have you done on *nix?

(Note that compiling a filter expression into BPF code is done in libpcap/WinPcap, not tcpdump, and the interpretation of the BPF code to do filtering is done either in built-in kernel code in *nix and WinPcap driver code on Windows or in libpcap/WinPcap if the kernel-mode code can't do it for some reason, so it's not a tcpdump issue.)
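A simplified Python model of why the expression in the quoted message is repeated after `vlan`, added here as an illustration and not code from the thread or from libpcap/WinPcap: per the pcap-filter documentation, `vlan` shifts the header offsets used by the rest of the expression by 4 bytes, and `and`/`or` have equal precedence and are evaluated left to right. The frames are constructed samples, only IPv4 under an 802.1Q tag of type 0x8100 is modelled, and all function names are hypothetical.

```python
import socket, struct

EXCLUDED = ("192.168.10.2", "192.168.0.3")   # hosts from the filter in the thread
PORT = 161                                   # port from the filter in the thread

def frame(src, dst, sport, dport, vlan_id=None):
    """Build a constructed Ethernet/IPv4/UDP frame, optionally 802.1Q tagged."""
    eth = b"\x02" * 6 + b"\x04" * 6
    if vlan_id is not None:
        eth += struct.pack("!HH", 0x8100, vlan_id)   # 4-byte VLAN tag
    eth += struct.pack("!H", 0x0800)                 # EtherType: IPv4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 17, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return eth + ip + struct.pack("!HHHH", sport, dport, 8, 0)

def is_ipv4(pkt, off):
    return pkt[12 + off:14 + off] == b"\x08\x00"

def host(pkt, ip, off):
    a = socket.inet_aton(ip)
    return is_ipv4(pkt, off) and a in (pkt[26 + off:30 + off], pkt[30 + off:34 + off])

def port(pkt, p, off):
    if not is_ipv4(pkt, off) or pkt[23 + off] not in (6, 17):   # TCP or UDP only
        return False
    l4 = 14 + off + (pkt[14 + off] & 0x0F) * 4                  # skip the IP header
    return p in struct.unpack("!HH", pkt[l4:l4 + 4])

def exclusions(pkt, off):
    """'!host A and !host B and !port 161' with headers read at a fixed offset."""
    return not any(host(pkt, h, off) for h in EXCLUDED) and not port(pkt, PORT, off)

def is_vlan(pkt):
    return pkt[12:14] == b"\x81\x00"

def thread_filter(pkt):
    """The flat string from the thread, evaluated left to right."""
    result = exclusions(pkt, 0) or is_vlan(pkt)   # ... and !port 161 or vlan
    return result and exclusions(pkt, 4)          # and !host ... (offsets now +4)

if __name__ == "__main__":
    for vid in (None, 10):
        for src, dport in (("192.168.10.2", 80), ("10.0.0.1", 161), ("10.0.0.1", 80)):
            pkt = frame(src, "10.0.0.5", 5000, dport, vid)
            print(f"vlan={vid} src={src} dport={dport} "
                  f"first-half-only={exclusions(pkt, 0)} full={thread_filter(pkt)}")
```

In this model the first half of the expression alone accepts every tagged frame, because the untagged offsets never see an IPv4 EtherType; the clauses repeated after `vlan` are what apply the exclusions to tagged traffic.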
