Hi, everyone. This is my first thread
There is a trouble when i capture PPPoE packets with tcpdump or snort.
i want to capture PPPoE packets in my network.
my network is following:
<ISP>
|
Repeater HUB ------ Router ------- <Local Network>
|
-------------------- Sniffer(Linux)
i can capture PPPoE packets with tcpdump and snort.
i did the following commands:
# tcpdump -i eth1 -nt
# snort -dev
But, i cannot filter PPPoE packets
. i did the following commands:
# tcpdump -i eth1 -nt host not port 22
# snort -dev not port 22
i assume tcpdump and snort analyze PPPoE packets, so maybe
patches apply tcpdump and snort to analyze PPPoE packets.
Is my idea correct? Does someone know those patches if my idea
is correct?
---------------
Appendix: version information
tcpdump version 3.8.3
libpcap version 0.8.3
snort-2.2.0
---------------