Can I map MAC addresses to names?

asked 2018-08-15 20:55:48 +0000

updated 2018-08-15 23:51:44 +0000

It would be super cool if I could alias transmitter and receiver MAC addresses in 802.11 captures. Tracking MAC addresses is pretty hard... but if I could call an access point "AP01" and a client "MacBook", that would make reading PCAPs super slick.

I tried using both "ethers" and "hosts", but the changes don't seem to reflect anywhere in Wireshark. Am I doing something wrong?

Operating system? Tested on a Mac with current version and it works OK. Are you on Windows, Linux?

Hey Bob, I'm using macOS 10.13.6. Are you using "ethers" or "hosts"? Would you be willing to paste in an example? I must be doing something wrong.

1 Answer

answered 2018-08-15 22:31:51 +0000

Example for MAC OS X:

MacPrompt$ cat /Users/bob/.wireshark/ethers

7c:8b:10:0f:97:b5   Test_MAC

The restart Wireshark, and all is good:

image description

Note that this works for all MAC-48 addresses, not just 802.11 addresses; it also handles, for example, Ethernet addresses.

Note also that, on UN*Xes (Linux, macOS, *BSD, Solaris, HP-UX, AIX, etc.), if you have a ~/.config/wireshark directory, the ethers file will be in that directory rather than in ~/.wireshark.

Hey Bob, using cat or nano worked great. I think using the macOS text editor was the problem. Thank you very much for your help!

