This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

¿How do I create a PCAP file where the MAC appears?

0

try to create a pcap file from ubntu with dumpcap tool, but not the mac and I get priate time I turn the pcap in csv . help me please

asked 18 Jul '16, 23:30

adrip's gravatar image

adrip
6112
accept rate: 0%

I'm not sure we understand the question.

"PCAP file where the MAC appears" what does that mean?

"..., but not the mac", what does that mean?

"... I get priate time ...." what does that mean?

(19 Jul '16, 01:59) Jaap ♦

Hello Jaap ,

When I am writing in the terminal dumpcap and apply filters and parameters , I am writing the route to be saved to a file with nombre.pcap .

when I convert that file to csv to see all GET port 80 IP 's shown me , and pages .

I want to see the MAC of computers on the network hacinedo GET requests and time that have been made. please

(19 Jul '16, 03:12) adrip

One Answer:

0

The CVS output only gives you the packet overview lines, so a single line per packet. This includes all columns you have configured (in the Default profile that is "No", "Time", "Source", "Destination", "Protocol", "Length" and "Info"). The "Time" column is already there. You can add a column to that, set the name to "MAC" and the type to "HW src addr". This gives you both a MAC address and a Timestamp in the CSV output.

Notes:

  1. The timestamp is of the moment the frame is timestamped on the capture interface.
  2. The MAC address is that of the last IP node sending the frame, either the original host, or last intermediate router.

answered 19 Jul '16, 04:19

Jaap's gravatar image

Jaap ♦
11.7k16101
accept rate: 14%