Wireshark mailing list archives
Re: Enhancement suggestion: OUI tool for IPV6 SLAAC addresses
From: chuck c <bubbasnmp () gmail com>
Date: Fri, 30 Jul 2021 20:37:07 -0500
You could brute force it with grep and finesse the output as needed: The-Ultimate-PCAP$ tshark -r ./*202002* -2 -R ipv6.dst_sa_mac -Nm -V | grep "Destination SA MAC" | sort | uniq [Destination SA MAC: AmazonTe_05:cd:40 (38:f7:3d:05:cd:40)] [Destination SA MAC: Sonos_a4:21:8c (78:28:ca:a4:21:8c)] [Destination SA MAC: Tp-LinkT_4d:6b:8d (f8:1a:67:4d:6b:8d)] [Destination SA MAC: Tp-LinkT_4d:76:63 (f8:1a:67:4d:76:63)] [Destination SA MAC: AVMAudio_7e:33:a2 (c8:0e:14:7e:33:a2)] [Destination SA MAC: AVM_cc:c2:a9 (bc:05:43:cc:c2:a9)] [Destination SA MAC: Cisco_60:17:c1 (00:25:45:60:17:c1)] On Fri, Jul 30, 2021 at 7:57 PM Marco Davids (SIDN) via Wireshark-dev < wireshark-dev () wireshark org> wrote:
Op 30-07-21 om 21:10 schreef João Valverde via Wireshark-dev:Also, I have not find any aggregate statistics just yet. But nevertheless still happy with this nice feature.The statistics for SLAAC/OUI don't exist. What I was trying to say is that, if we were to add something like that, I think they should go somewhere under the IPv6 Statistics menu, not Endpoints.Ah okay. Got you. Thanks. One final question; I can't seem to do name resolution with thsark on the mac addresses I derive from IPv6 SLAAC addresses. So I can do this: tshark -r ~/ipv6.pcap -2 -R 'ipv6.dst_sa_mac' -Tfields -eipv6.dst_sa_mac or this: tshark -Y 'ipv6.dst_sa_mac' -Tfields -eipv6.dst_sa_mac And that results in a nice list of MAC addresses in the output. But adding "-o 'nameres.mac_name:TRUE'" or "-Nm" does not help to cause manufacturer name resolution to happen on these mac addresses. It does work for "-e eth.addr_resolved", but obviously this options concerns other MAC addresses. Is what I would like to do at all possible, or is that specific use case something that tshark currently does not support? Thanks. -- Marco ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org ?subject=unsubscribe
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- Enhancement suggestion: OUI tool for IPV6 SLAAC addresses Marco Davids (SIDN) via Wireshark-dev (Jul 30)
- Re: Enhancement suggestion: OUI tool for IPV6 SLAAC addresses João Valverde via Wireshark-dev (Jul 30)
- Re: Enhancement suggestion: OUI tool for IPV6 SLAAC addresses Marco Davids (SIDN) via Wireshark-dev (Jul 30)
- Re: Enhancement suggestion: OUI tool for IPV6 SLAAC addresses João Valverde via Wireshark-dev (Jul 30)
- Re: Enhancement suggestion: OUI tool for IPV6 SLAAC addresses Marco Davids (SIDN) via Wireshark-dev (Jul 30)
- Re: Enhancement suggestion: OUI tool for IPV6 SLAAC addresses Marco Davids (SIDN) via Wireshark-dev (Jul 30)
- Re: Enhancement suggestion: OUI tool for IPV6 SLAAC addresses João Valverde via Wireshark-dev (Jul 30)
- Re: Enhancement suggestion: OUI tool for IPV6 SLAAC addresses Marco Davids (SIDN) via Wireshark-dev (Jul 30)
- Re: Enhancement suggestion: OUI tool for IPV6 SLAAC addresses chuck c (Jul 30)
- Re: Enhancement suggestion: OUI tool for IPV6 SLAAC addresses Marco Davids (SIDN) via Wireshark-dev (Jul 30)
- Re: Enhancement suggestion: OUI tool for IPV6 SLAAC addresses João Valverde via Wireshark-dev (Jul 30)