I’ve been especially paranoid about traffic entering and exiting my WAN interface in the last few weeks. Don’t know why. I’ve discovered some interesting stuff though.
This question is about ethertype.
I have a regular cable based ISP. For the heck of it, I let this sniffer run for a while:
[me@MikroTik] > /tool sniffer print
only-headers: no
memory-limit: 16384KiB
memory-scroll: yes
file-name: ether1_2018-01-09_mac_filter.out
file-limit: 100000KiB
streaming-enabled: no
streaming-server: 0.0.0.0
filter-stream: no
filter-interface: ether1
filter-mac-address:
filter-mac-protocol: !ip,!ipv6,!arp
filter-ip-address:
filter-ipv6-address:
filter-ip-protocol:
filter-port:
filter-cpu:
filter-direction: any
filter-operator-between-entries: and
running: yes
I don’t get any output after running this for many hours. I’m going to let it run for longer.
My question is if anyone has tried this and what ethertype they see other than ipv4, ipv6 and arp? What might I expect to see? Is my ISP filtering L2 frames that aren’t one of these 3 maybe?