SD-WAN

Hi Sylvain,

The filter syntax is called Berkeley Packet Filter (bpf). As the bpf syntax is very sensitive to offsets you need to specify the "vlan" expression in order to tell the bpf virtual machine it should shift all offsets by 4 when matching for patterns (size of vlan header).

Here are some examples:

(1) Filter for IP packets inside vlan tagged ethernet frames:

vlan and ip

(2) Filter for IP packets inside vlan tagged ethernet frames with vlan id 1234 only:

vlan 1234 and ip

(3) Filter for IP packets - regardless of vlan or not:

ip or vlan and ip

Mathias

------------------------------
Mathias Jeschke
Juniper Networks

Original Message:
Sent: 07-26-2021 08:56
From: Sylvain Floury
Subject: Issue with packet capture filters and Vlan

Hello,

We are facing an issue to perform packet capture with a filter on a host IP address :
On the device interface  => capture filter :
"host X.X.X.X"

It works well when there are not VLAN on the network interface, but doesn't return any packet when the network interface has a vlan tag .

( some packet fitler works fine with vlan , for exemple  "length > 0" to capture all trafic .)

Is there a way/syntax to filter on IP when vlan are presents?

Sylvain

------------------------------
Sylvain Floury
SDWan Architect
------------------------------