Hi, can an expert tell me which tool to use for filtering/capturing/analyzing Ethernet packets of a whole MAC subnet?
Ie. I have on a MT CRS326 switch some ports with MAC addresses like these:
c4:ad:34:78:d1:21
c4:ad:34:78:d1:22
c4:ad:34:78:d1:23
c4:ad:34:78:d1:24
c4:ad:34:78:d1:25
c4:ad:34:78:d1:26
c4:ad:34:78:d1:27
c4:ad:34:78:d1:28
...
On a router attached to the uplink port of this switch I want to capture the traffic from/to all these switch ports in a single capture-session.
How to do that?
On the said router I tried "tcpdump -nn -xe -vv ether net c4:ad:34:78:d1:21/40", but it gives an error:
tcpdump: ethernet address used in non-ether expression
Same error happens if I write the subnet mask in these formats:
tcpdump -nn -xe -vv ether net c4:ad:34:78:d1:21/ff:ff:ff:ff:ff:00
or
tcpdump -nn -xe -vv ether net c4:ad:34:78:d1:21 mask ff:ff:ff:ff:ff:00
tcpdump: ethernet address used in non-ether expression
Does any expert here know how to do that and could kindly help me?
Thx.