Ask Your Question
0

How to exclude "network cards" packets?

asked 2018-03-02 08:29:36 +0000

kootenpv gravatar image

updated 2018-03-02 11:09:11 +0000

For example I can see when I do a mac address lookup that I have something like a Broadcom mac address in my output. How could I exclude these, either through a setting, or how can I identify network cards in post processing?

One hint that I see is that a network card has the same or very close RSSI to the device using the network card. I'm hoping someone knows fields that a network card have that devices wouldn't have (or vice versa).

edit retag flag offensive close merge delete

Comments

What is the difference between a "network card" and a "device"?

Guy Harris gravatar imageGuy Harris ( 2018-03-03 06:15:52 +0000 )edit
add a comment

2 Answers

Sort by ยป oldest newest most voted
0

answered 2018-03-02 16:05:06 +0000

Jim Aragon gravatar image

"I'm hoping someone knows fields that a network card have that devices wouldn't have (or vice versa)."

"So the question 'How can I recognize a network card in the output - not specifically mine' is more appropriate."

You can't separate a device from its network adapter. Every packet that a device sends is sent using its network adapter, whether it's a separate card in a slot, or an integrated onboard adapter. All you can tell from the MAC address is the manufacturer. A Broadcom card is a Broadcom card, whether it's a separate network adapter on a card or an integrated adapter.

There are no fields that a "device" has that its network adapter doesn't have.

edit flag offensive delete link more

Comments

But so that means that when I can find a device, I can just look for the mac address that is most similar and conclude that if it is super similar, that it must be a network card? Or do you have another idea how I might post-filter the network cards?

kootenpv gravatar imagekootenpv ( 2018-03-02 18:14:04 +0000 )edit
add a comment
0

answered 2018-03-02 08:37:14 +0000

Jaap gravatar image

updated 2018-03-02 08:37:40 +0000

Apply a display filter such as !(eth.dst[0:23] == 00:10:18)

Tune this to the specific MAC you want (src, dst or addr for both) and the Broadcom OUI involved (Broadcom has several, I just took one example)

edit flag offensive delete link more

Comments

I want to make it work in a generic case (so without knowing that it is particularly Broadcom). So the question "How can I recognize a network card in the output - not specifically mine" is more appropriate.

kootenpv gravatar imagekootenpv ( 2018-03-02 11:06:10 +0000 )edit

I added a hint to the question

kootenpv gravatar imagekootenpv ( 2018-03-02 13:40:19 +0000 )edit
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2018-03-02 08:29:36 +0000

Seen: 425 times

Last updated: Mar 02 '18

Related questions

Network card not working properly after wireshark install

Packet Sniffing Consultant - Wire Shark

Capture incoming packets from remote web server

How to set packet metadata in realtime?

Monitor device

Why would I be getting "LEN 1 (Malformed Packet)"... "(Malformed Packet: RTCP)" on UDP Packets

how to measure network and server latency

What is wrong with my internets?!

How do I dissect multiple packets?

How do I get relative ack number greater than sequence number?

Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
about | faq | help | privacy policy | terms of service
Powered by Askbot version 0.10.2