Network Analysis Using Wireshark 2 Cookbook (Second Edition)

Getting ready

The basic layer 2 filters are:

  • ether host <Ethernet host>: To capture packets from or to the Ethernet address
  • ether dst <Ethernet host>: To capture packets sent to the Ethernet destination address
  • ether src <Ethernet host>: To capture packets sent from the Ethernet source address
  • ether broadcast: To capture all Ethernet broadcast packets
  • ether multicast: To capture all Ethernet multicast packets
  • ether proto <protocol>: To filter only the protocol type indicated in the protocol identifier
  • vlan <vlan_id>: To pass only packets from a specific VLAN that is indicated in the identifier field

To negate a filter rule, simply type the word not or ! in front of the primitive. For example:

not ether host <Ethernet host> or ! ether host <Ethernet host> will capture packets that are not from/to the Ethernet address specified in the identifier field.
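The following Python sketch is an added example, not code from the book: it models which Ethernet header fields each primitive listed above inspects, and how not or ! inverts the result, using constructed frames. The helper names (mac, frame, match) and the sample addresses are assumptions made for illustration; real capture filters are compiled by libpcap, not by this code.

```python
import struct

def mac(text):
    """'00:11:22:33:44:55' -> 6 raw bytes."""
    return bytes.fromhex(text.replace(":", ""))

def frame(dst, src, ethertype, vlan_id=None):
    """Build a constructed Ethernet header (payload omitted), optionally 802.1Q tagged."""
    tag = b"" if vlan_id is None else struct.pack("!HH", 0x8100, vlan_id & 0x0FFF)
    return mac(dst) + mac(src) + tag + struct.pack("!H", ethertype)

def match(primitive, raw):
    """Evaluate one layer 2 primitive, optionally negated, against raw frame bytes."""
    words = primitive.split()
    if words[0] in ("not", "!"):
        return not match(" ".join(words[1:]), raw)
    dst, src = raw[0:6], raw[6:12]
    (ethertype,) = struct.unpack("!H", raw[12:14])    # type field right after the addresses
    if words[0] == "vlan":
        if ethertype != 0x8100:                       # no 802.1Q tag present
            return False
        (tci,) = struct.unpack("!H", raw[14:16])
        return len(words) == 1 or (tci & 0x0FFF) == int(words[1])  # VLAN ID = low 12 bits
    if words[0] != "ether":
        raise ValueError("unsupported primitive: " + primitive)
    kind = words[1]
    if kind == "broadcast":
        return dst == b"\xff" * 6
    if kind == "multicast":
        return bool(dst[0] & 0x01)                    # group bit of the destination address
    if kind == "proto":
        return ethertype == int(words[2], 0)          # numeric protocol ID only in this sketch
    addr = mac(words[2])
    return {"host": addr in (src, dst), "src": addr == src, "dst": addr == dst}[kind]

# Constructed sample frames (not taken from a real capture)
HOST = "00:11:22:33:44:55"
ARP = frame("ff:ff:ff:ff:ff:ff", HOST, 0x0806)                   # ARP broadcast
MCAST = frame("01:00:5e:00:00:fb", HOST, 0x0800)                 # IPv4 multicast
TAGGED = frame("00:aa:bb:cc:dd:ee", HOST, 0x0800, vlan_id=10)    # unicast in VLAN 10

if __name__ == "__main__":
    for f in ("ether broadcast", "ether multicast", "ether proto 0x0806", "vlan 10",
              "ether dst 00:aa:bb:cc:dd:ee", "not ether host " + HOST):
        print(f"{f:32}", [match(f, x) for x in (ARP, MCAST, TAGGED)])
```

In this model the broadcast frame also satisfies ether multicast, because the broadcast address has the group bit set, and the tagged frame does not satisfy ether proto 0x0800, because the type field after the addresses holds the 802.1Q tag type rather than the inner protocol.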