tcpdump vlan filter differ for Ubuntu/CentOS?

by Kenneth Lui   Last Updated December 07, 2017 10:00 AM

i found below packet captured using tcpdump with vlan filter is different in Ubuntu and CentOS, is it normal?

17:09:58.945885 00:24:dc:43:bf:c0 > 40:55:39:1d:a2:99, ethertype 802.1Q (0x8100), length 74: vlan 221, p 0, ethertype 802.1Q, vlan 1190, p 0, ethertype IPv4, (tos 0x0, ttl 52, id 63483, offset 0, flags [DF], proto TCP (6), length 52) XX.XX.XX.XX.50366 > YY.YY.YY.YY.22: Flags [.], cksum 0x82d7 (correct), seq 0, ack 44, win 115, options [nop,nop,TS val 2932818788 ecr 2962679970], length 0

workable command for Ubuntu: tcpdump -vvnni eth0 -e 'vlan and host YY.YY.YY.YY'

workable command for CentOS: tcpdump -vvnni eth0 -e '(vlan and vlan) and host YY.YY.YY.YY'

the command works in Ubuntu has no way to work in CentOS?

Related Questions

Understand TCPDUMP from failed cqlsh connection

Updated April 21, 2017 20:00 PM

tcpdump: capture one of several vlans

Updated April 06, 2015 21:00 PM

TCP Messages Merged?

Updated December 26, 2015 13:00 PM