 | 1 | initial version |
You can use Tshark to export the source and destination IPs from the access switch capture:
tshark -r file.pcap -T fields -e ip.src -e ip.dst
If you know your client network subnet, you can filter the output by the source subnet:
tshark -r file.pcap -T fields -e ip.src -Y "ip.src == 192.168.0.0/24"
To reduce the output to unique addresses, you can pipe it to "sort /unique" (Windows only)
tshark -r file.pcap -T fields -e ip.src -Y "ip.src == 192.168.0.0/24" | sort /unique
As soon as you've the list with the unique IP addresses, you can add it to Excel to create a capture filter (e.g. by using "="host "&A1&" AND host "&A2&" AND host "....)"