My goal here is to search the network for all ocurances of NICS that come from a specific vendor. I don't want to use the resolved option (eth.addr.oui.resolved)rather just the eth.addr.oui.
I have no idea how to use this. I've tried space, comma and semicolon delimited list of eth.add.oui items in the Value field, which doesn't seem correct. , but the I don't seem to know the magic handshake to get it to work. I am selecting eth.add.oui from the Field Name selector in the Display Filter Expression. In the 'Search:' field where it seems to autopopulate, it isn't. It says 'eth.addr' not eth.addr.oui. I don;'t know if thats a b00g or expected behavior,. Ultimately I am trying to find documentation on how to do this. Any assistance on how to use the Display filter expression builder in this manner would be awesome. -= Thanks!