This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Filtering Wireshark Results to a single MAC Address

0

OK, so let me explain the reason I am using Wireshark.

I am currently running CentOS 6.5 64-bit in VirtualBox with a Bridge Connection to my external WLAN USB Adapter.

As of now, the only way I can get an IP is by having a wired connection, but that is kinda a pain when I am using a laptop.

I've already asked on the VirtualBox Forum and they can see nothing wrong with the configuration.

I am wanting to use Wireshark to see how far the CentOS is "supposedly reaching" before failing to retrieve an IP.

I have Wireshark open and running but I need to filter the results by the MAC Address of the CentOS Guest Operating System. I've searched through the Internet, and the help pages, but cannot find the proper command.

Can someone explain how I could filter please?

If this is already posted, I was not able to find said article and would appreciate it if someone would let me know.

Thank you.

asked 12 Aug '14, 20:52

countryboy01
accept rate: 0%


One Answer:

0

Capturing on the bridged interface of VirtualBox does not work properly. We have had several reports in the past.

Please run tcpdump in the virtual machine (CentOS) and only use Wireshark to analyze the traffic.

tcpdump -ni eth0 -s 0 -w /var/tmp/dhcp.pcap

Then run the command dhclient in CentOS. After a few seconds stop the tcpdump and check what you've got.

If that does not work, try to capture on the Ethernet/wireless interface of your VirtualBox host, not the bridged interface!

Regards
Kurt

answered 13 Aug '14, 01:00

Kurt Knochner ♦
accept rate: 15%
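
An added example, not part of the original answer: a small reader for a classic pcap file such as the one the tcpdump command above writes, listing the DHCP messages that involve one MAC address so you can see how far the exchange got. It matches the Ethernet source or destination (what the Wireshark display filter `eth.addr == <mac>` matches) and also the client hardware address inside the DHCP payload. The MAC addresses and frames below are constructed sample data.

```python
import struct

DHCP_TYPES = dict(enumerate("DISCOVER OFFER REQUEST DECLINE ACK NAK RELEASE INFORM".split(), 1))
COOKIE, BOOTP_PORTS = b"\x63\x82\x53\x63", {b"\x00\x43", b"\x00\x44"}  # magic cookie; UDP 67, 68

def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", "").replace("-", ""))

def dhcp_type(frame, want):
    """DHCP message name if the Ethernet frame involves MAC `want`, else None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
        return None                        # not IPv4/UDP (VLAN tags are not handled)
    udp = 14 + (frame[14] & 0x0F) * 4      # IPv4 header length varies with options
    bootp = frame[udp + 8:]
    if not {frame[udp:udp + 2], frame[udp + 2:udp + 4]} <= BOOTP_PORTS or bootp[236:240] != COOKIE:
        return None
    if want not in (frame[0:6], frame[6:12], bootp[28:34]):   # eth dst, eth src, DHCP chaddr
        return None
    pos = 240                              # options start after the magic cookie
    while pos + 2 < len(bootp) and bootp[pos] not in (53, 255):
        pos += 1 if bootp[pos] == 0 else 2 + bootp[pos + 1]   # Pad has no length byte
    found = pos + 2 < len(bootp) and bootp[pos] == 53         # option 53 = message type
    return DHCP_TYPES.get(bootp[pos + 2], "UNKNOWN") if found else None

def dhcp_by_mac(pcap, mac):
    """DHCP message names, in capture order, for frames involving `mac`."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if endian is None or len(pcap) < 24 or struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("expected a classic pcap file with Ethernet link type")
    want, pos, seen = mac_bytes(mac), 24, []
    while pos + 16 <= len(pcap):           # 16-byte record header, then the frame
        incl = struct.unpack(endian + "I", pcap[pos + 8:pos + 12])[0]
        seen.append(dhcp_type(pcap[pos + 16:pos + 16 + incl], want))
        pos += 16 + incl
    return [name for name in seen if name]

def sample_pcap(frames):   # constructed input: one (eth_src, chaddr, type) tuple per frame
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for src, chaddr, t in frames:
        sport = 67 if t in (2, 5, 6) else 68            # server replies come from port 67
        bootp = bytes(28) + mac_bytes(chaddr) + bytes(202) + COOKIE + bytes([53, 1, t, 255])
        udp = struct.pack(">HHHH", sport, 135 - sport, 8 + len(bootp), 0) + bootp
        ip = struct.pack(">BBHHHBBH8x", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0)
        frame = b"\xff" * 6 + mac_bytes(src) + b"\x08\x00" + ip + udp
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out

GUEST, OTHER, SERVER = "08:00:27:aa:bb:cc", "52:54:00:11:22:33", "02:00:00:00:00:01"  # constructed
SAMPLE = sample_pcap([(GUEST, GUEST, 1), (OTHER, OTHER, 1), (SERVER, OTHER, 2),
                      (OTHER, OTHER, 3), (SERVER, OTHER, 5), (GUEST, GUEST, 1)])
```

For a real capture, pass the file contents, for example `dhcp_by_mac(open("/var/tmp/dhcp.pcap", "rb").read(), mac)`; a result of only DISCOVER entries for the guest means no OFFER addressed to it reached the capture point.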