Op 30-07-21 om 21:10 schreef João Valverde via Wireshark-dev:
Also, I have not find any aggregate statistics just yet. But
nevertheless still happy with this nice feature.
The statistics for SLAAC/OUI don't exist. What I was trying to say is
that, if we were to add something like that, I think they should go
somewhere under the IPv6 Statistics menu, not Endpoints.
Ah okay. Got you. Thanks.
One final question; I can't seem to do name resolution with thsark on
the mac addresses I derive from IPv6 SLAAC addresses.
So I can do this:
tshark -r ~/ipv6.pcap -2 -R 'ipv6.dst_sa_mac' -Tfields -eipv6.dst_sa_mac
or this:
tshark -Y 'ipv6.dst_sa_mac' -Tfields -eipv6.dst_sa_mac
And that results in a nice list of MAC addresses in the output.
But adding "-o 'nameres.mac_name:TRUE'" or "-Nm" does not help to cause
manufacturer name resolution to happen on these mac addresses.
It does work for "-e eth.addr_resolved", but obviously this options
concerns other MAC addresses.
Is what I would like to do at all possible, or is that specific use case
something that tshark currently does not support?
Thanks.
--
Marco
Attachment:
OpenPGP_signature
Description: OpenPGP digital signature
