I believe this used to work, but it's not working now in v19 GA, so it might just be I forgot how to do it, or it could be something changed.
If I use the GUI Diagnostics > Packet Capture and I specify a BPF string of "ether host 11:22:33:44:55:66" (with a real MAC address, of course), it immediately ends with no capture. If I go into Advanced Shell and try it, I get the error message: "tcpdump: ethernet addresses supported only on ethernet/FDDI/token ring/802.11/ATM LANE/Fibre Channel". If I specify an interface in the Advanced Shell, such as "tcpdump -i Port1 ether host 11:22:33:44:55:66" it works.
All ports are ethernet, some have VLANs, and there is a currently-unused copper ethernet SPF in Port F1 which is new, so not sure what's confusing things. Does the GUI capture work for other folks?
(I'm doing this because I see two MAC addresses on my network that I don't recognize.)
This thread was automatically locked due to age.