Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

asked 2018-11-14 17:56:05 +0000

Sabrina gravatar image

tshark view mac address name

I'm new to tshark and trying to print out ip unique address and it's MAC address together with the vendor of that MAC address. This is what I can do for now

c:\pcap>tshark -r input.pcap -T fields -e eth.src -e ip.src -e eth.dst -e ip.dst | sort | uniq -c
     25 00:01:42:00:01:42       10.1.1.1        00:0D:3a:00:0D:3a       172.16.1.1
     12 00:0D:3a:00:0D:3a       172.16.1.1      00:01:42:00:01:42       10.1.1.1

c:\pcap>

Desired Output

25 00:01:42:00:01:42   Cisco Systems, Inc.    10.1.1.1     00:0D:3a:00:0D:3a   Microsoft Corp.      172.16.1.1
12 00:0D:3a:00:0D:3a   Microsoft Corp.        172.16.1.1   00:01:42:00:01:42   Cisco Systems, Inc.  10.1.1.1

Is this possible? If yes, please let me know how to accomplish it using tshark. Thanks

tshark view mac address name

I'm new to tshark and trying to print out ip unique address and it's MAC address together with the vendor of that MAC address. This is what I can do for now

c:\pcap>tshark -r input.pcap -T fields -e eth.src -e ip.src -e eth.dst -e ip.dst | sort | uniq -c
     25 00:01:42:00:01:42       10.1.1.1        00:0D:3a:00:0D:3a       172.16.1.1
     12 00:0D:3a:00:0D:3a       172.16.1.1      00:01:42:00:01:42       10.1.1.1

c:\pcap>

Desired Output

25 00:01:42:00:01:42   Cisco Systems, Inc.    10.1.1.1     00:0D:3a:00:0D:3a   Microsoft Corp.      172.16.1.1
12 00:0D:3a:00:0D:3a   Microsoft Corp.        172.16.1.1   00:01:42:00:01:42   Cisco Systems, Inc.  10.1.1.1

Is this possible? If yes, please let me know how to accomplish it using tshark. Thanks

tshark view mac address (vendor) name

I'm new to tshark and trying to print out ip unique IP address and it's MAC address together with the vendor of that MAC address. This is what I can do for now

c:\pcap>tshark -r input.pcap -T fields -e eth.src -e ip.src -e eth.dst -e ip.dst | sort | uniq -c
     25 00:01:42:00:01:42       10.1.1.1        00:0D:3a:00:0D:3a       172.16.1.1
     12 00:0D:3a:00:0D:3a       172.16.1.1      00:01:42:00:01:42       10.1.1.1

c:\pcap>

Desired Output

25 00:01:42:00:01:42   Cisco Systems, Inc.    10.1.1.1     00:0D:3a:00:0D:3a   Microsoft Corp.      172.16.1.1
12 00:0D:3a:00:0D:3a   Microsoft Corp.        172.16.1.1   00:01:42:00:01:42   Cisco Systems, Inc.  10.1.1.1

Is this possible? If yes, please let me know how to accomplish it using tshark. Thanks

Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
about | faq | help | privacy policy | terms of service
Powered by Askbot version 0.10.2