ChuckS wrote:
Ethernet II, Src: 00:04:00:6c:48:82, Dst: ff:ff:ff:ff:ff:ff
Destination: ff:ff:ff:ff:ff:ff (Broadcast)
Source: 00:04:00:6c:48:82 (LexmarkI_6c:48:82)
Type: Netware IPX/SPX (0x8137)
Huh! IPX packets are not IP.
True however "LexmarkI_6c:48:82" is enough of a clue as to
the device type and each of the printers also talk TCP/IP.
I hoped there is a means to cross reference for each printer's
IP within a recorded capture.
There is no inherent capability in Ethereal to build a list or map of
observed layer-2 to layer-3 addresses (which can be a bit misleading
anyway if the actual network host is on the other side of a router,
firewall, or translation device from the packet capture device)
Your best effort would be to filter for all traffic from
00:04:00:6c:48:82 and lok for IP packets.
When I enter 00:04:00:6c:48:82 into the Capture / Filter field.
The error displays: "Unable to parse filter string (parse error)."
This is because "00:04:00:6c:48:82" is not a valid filter string. To
set a display filter on an Ethernet MAC address, you could use the
filter eth.addr == 00:04:00:6c:48:82. See the Man page or Users guide
for more info about filtering, or the tcpdump man page (or other reason
messages to this mailing list) for more details on building capture filters.
Ian