This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

extract mac address using mate

0

Hi,

Part of the flow is the source and destination mac address but looks like mate isnt capable to extract eth.addr , can it be configured ?

Sample which i tried:

Pdu icmp_pdu Proto icmp Transport ip {

    Extract addr From ip.addr;
    Extract source_addr From eth.addr;
    Extract icmp_type From icmp.type;

};

Gop icmp_ses On icmp_pdu Match (addr, addr, source_addr, source_addr) {

Start (icmp_type=8);
Stop (icmp_type=0);
Extra (addr, addr, source_addr, source_addr, icmp_type);

};

Done;

asked 09 May '11, 00:45

okochva's gravatar image

okochva
1112
accept rate: 0%

edited 09 May '11, 01:37

One Answer:

1

My suggestion would be to use eth.src and ip.src instead.

answered 09 May '11, 06:00

Jaap's gravatar image

Jaap ♦
11.7k16101
accept rate: 14%