How to filter a mac address with tshark:
I received a lot of errors trying to find the filter:
That string looks like a valid display filter; however, it isn’t a valid
capture filter (syntax error).Note that display filters and capture filters don’t have the same syntax,
so you can’t use most display filter expressions as capture filters.See the User’s Guide for a description of the capture filter syntax.
That string isn’t a valid capture filter (syntax error).
See the User’s Guide for a description of the capture filter syntax.
I figured out that this is working:
tshark -n -i p1p2 -a filesize:100000 -b files:3 -w wantrace.pcapng -f "ether host e8:xx:ab:xx:12:xx"
