tcpdump supports the "ether" qualifier to specify ethernet addresses in the standard colon-separated format. For example, to capture any broadcast traffic, To capture any traffic sent to or from a given MAC address, (Here the first three octets identify the MAC in question as belonging to an Intel NIC, e8:2a:ea being an OUI assigned to Intel.)
Knowledge Base
How does one filter MAC addresses using tcpdump?
tcpdump supports the "ether" qualifier to specify ethernet addresses in the standard colon-separated format.
