Sabrina's profile - activity

2019-08-08 03:31:14 +0000 received badge  Famous Question (source)
2019-08-08 03:31:14 +0000 received badge  Notable Question (source)
2019-02-15 15:44:49 +0000 received badge  Popular Question (source)
2018-11-16 06:29:04 +0000 marked best answer tshark view mac address (vendor) name

I'm new to tshark and trying to print out each unique IP address and its MAC address together with the vendor of that MAC address. This is what I can do for now:

c:\pcap>tshark -r input.pcap -T fields -e eth.src -e ip.src -e eth.dst -e ip.dst | sort | uniq -c
     25 00:01:42:00:01:42       10.1.1.1        00:0D:3a:00:0D:3a       172.16.1.1
     12 00:0D:3a:00:0D:3a       172.16.1.1      00:01:42:00:01:42       10.1.1.1

c:\pcap>

Desired Output

25 00:01:42:00:01:42   Cisco Systems, Inc.    10.1.1.1     00:0D:3a:00:0D:3a   Microsoft Corp.      172.16.1.1
12 00:0D:3a:00:0D:3a   Microsoft Corp.        172.16.1.1   00:01:42:00:01:42   Cisco Systems, Inc.  10.1.1.1

Is this possible? If yes, please let me know how to accomplish it using tshark. Thanks

2018-11-15 20:52:12 +0000 edited question tshark view mac address (vendor) name

2018-11-14 17:56:31 +0000 edited question tshark view mac address (vendor) name

tshark view mac address name I'm new to tshark and trying to print out ip unique address and it's MAC address together w

2018-11-14 17:56:05 +0000 asked a question tshark view mac address (vendor) name

tshark view mac address name I'm new to tshark and trying to print out ip unique address and it's MAC address together w

2018-04-10 15:08:25 +0000 commented answer Does nmap mtu scan really send crafted mtu size?

Thanks @Jasper. I've been looking at my SYN packet and did not see the MSS value (1460) ... May I know where you saw it?

2018-04-10 12:54:06 +0000 marked best answer Does nmap mtu scan really send crafted mtu size?

I've been reading about nmap techniques here as part of my network security syllabus ...

I've performed 2 scans ... one to port 1337 which is closed while the other port 4444 is open.

When I try nmap mtu scan and capture the packet with Wireshark, I don't see the mtu size (32) that I set in nmap.

user@linux:~$ sudo nmap --mtu 32 192.168.10.12 -p 1337

Nmap scan report for 192.168.10.12
Host is up (0.0023s latency).
PORT     STATE  SERVICE
1337/tcp closed waste
MAC Address: AA:AA:AA:AA:AA:12 (Unknown)

Nmap done: 1 IP address (1 host up) scanned in 13.13 seconds
user@linux:~$

The only value that I see is Total Length: 44

  1. Any idea why I did not see mtu size 32 in Wireshark?

  2. Is this the right place to check mtu size in Wireshark (IPv4 > Total Length)?

2018-04-10 12:54:06 +0000 received badge  Scholar (source)
2018-04-10 07:57:32 +0000 edited question Does nmap mtu scan really send crafted mtu size?

2018-04-10 07:56:26 +0000 received badge  Editor (source)
2018-04-10 07:56:26 +0000 edited question Does nmap mtu scan really send crafted mtu size?

2018-04-10 07:55:59 +0000 asked a question Does nmap mtu scan really send crafted mtu size?

Does nmap mtu scan really send crafted mtu size? Since nmap is a well-known security tools, I guess this is the right se