Comment by cmaynard for You can get part of the way there by using...
It makes one wonder why there are no src, dst or addr OUI filters available along with their fully resolved counterparts. Filters like `eth.src.oui_resolved contains "Cisco"` or `eth.addr.oui_resolved...
View ArticleComment by cmaynard for You can get part of the way there by using...
Yes, that's true, but a filter such as `eth.src_resolved contains "Cisco Systems"` wouldn't work because the OUI name is truncated, nor would a filter such as `eth.src_resolved == "Cisco Systems, Inc"`...
View ArticleComment by Jaap for You can get part of the way there by using...
I was referring to filter expressions like `eth.src_resolved contains "Cisco"` are already possible. I assume the prevailing use case is filtering on the actual OUI octets, such as `eth.src[0:3] ==...
View ArticleComment by Jaap for You can get part of the way there by using...
Because you can already do that with `eth.src_resolved` and `eth.dst_resolved`?
View ArticleComment by cmaynard for You can get part of the way there by using...
Those filters do not yield resolved OUI's. They give you a highly truncated resolved OUI, combined with the remaining 3 bytes of the MAC address, which isn't the same thing. There are a number of other...
View ArticleComment by cmaynard for You can get part of the way there by using...
By the way, the longest manufacturer's name appears to be 88 characters in length, so if truncated names is to be avoided, the `MAXNAMELEN` may need to be increased to accommodate it or a different...
View ArticleComment by Jaap for You can get part of the way there by using...
Probably there's no need for filtering for `eth.src_resolved == "Cisco Systems, Inc"`, as this would leave out about a 100 other Cisco related OUI's. Try grepping for "Cisco" in manuf. That being said,...
View ArticleComment by cmaynard for You can get part of the way there by using...
The filter for *Cisco Systems, Inc* was just one example to illustrate the point of a complete and exact OUI string match. Perhaps a better example to help drive the point home might be...
View ArticleComment by cmaynard for You can get part of the way there by using...
For what it's worth, [bug 15300](https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15300) and [bug 15393](https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15393) have been filed as a direct result...
View ArticleAnswer by grahamb for I'm new to tshark and trying to print out unique IP...
You can get part of the way there by using `eth.src_resolved` and `eth.dst_resolved`, this will give output such as: 25 Cisco_00:01:42 10.1.1.1 Microsoft_00:0D:3a 172.16.1.1 12 Microsoft_00:0D:3a...
View Articletshark view mac address (vendor) name
I'm new to tshark and trying to print out unique IP address and it's MAC address together with the vendor of that MAC address. This is what I can do for now c:\pcap>tshark -r input.pcap -T fields -e...
View Article