I want to view just the ethernet address of the frame and then swap the ':' for '-' in the output. But the output seems to randomly display the frame number in addition to the MAC address. In the snip below you can see the frame number in the 4th frame and the 21st and 22nd. It seem to show up randomly. Is this a bug or something wrong with my syntax? The output without piping is fine, it's only when I pipe it into sed that thinks get wonky.
Note: dropping the '-l' from tshark only displays the frame number when piping to sed. That is also unexpected.
Here is my syntax:
tshark -i en10 -T fields -e eth.src -l | sed s/:/-/g
Does this:
72-81-eb-8e-6f-3a
72-81-eb-8e-6f-3a
72-81-eb-8e-6f-3a
4 72-81-eb-8e-6f-3a
72-81-eb-e8-4c-28
72-81-eb-e8-4c-28
72-81-eb-8e-6f-3a
72-81-eb-e8-4c-28
72-81-eb-e8-4c-28
72-81-eb-8e-6f-3a
72-81-eb-8e-6f-3a
72-81-eb-e8-4c-28
72-81-eb-e8-4c-28
72-81-eb-8e-6f-3a
72-81-eb-e8-4c-28
72-81-eb-e8-4c-28
72-81-eb-e8-4c-28
72-81-eb-e8-4c-28
72-81-eb-8e-6f-3a
72-81-eb-8e-6f-3a
21 72-81-eb-8e-6f-3a
22 72-81-eb-8e-6f-3a
72-81-eb-e8-4c-28
72-81-eb-8e-6f-3a
72-81-eb-8e-6f-3a
72-81-eb-8e-6f-3a
72-81-eb-8e-6f-3a
