If I use to capture network traffic, it shows (among others) the MAC address and the SSID in real time, and I can see them in plaintext. For example: It furthermore stores the information in myfile-01.cap. However, if I now use to access the information stored in the file, for some MAC addresses the first part of it is "anonymized", like this: Is this a privacy feature? If it is, according to which rules is this feature applied to a MAC address? Can I turn it off (or on for all MAC addresses)? asked 03 Dec '14, 08:53  baukran edited 03 Dec '14, 08:54 |
One Answer:
The first part of the MAC address is the vendor code and Wireshark is helpfully replacing the numeric value with the textual equivalent if the vendor is known from the list installed along with Wireshark. This can be controlled by using the Name Resolution preferences "Resolve MAC addresses" option. answered 03 Dec '14, 10:04  grahamb ♦ |
