On 31/07/21 01:56, Marco Davids (SIDN) wrote:
Op 30-07-21 om 21:10 schreef João Valverde via Wireshark-dev:
Also, I have not find any aggregate statistics just yet. But
nevertheless still happy with this nice feature.
The statistics for SLAAC/OUI don't exist. What I was trying to say is
that, if we were to add something like that, I think they should go
somewhere under the IPv6 Statistics menu, not Endpoints.
Ah okay. Got you. Thanks.
One final question; I can't seem to do name resolution with thsark on
the mac addresses I derive from IPv6 SLAAC addresses.
So I can do this:
tshark -r ~/ipv6.pcap -2 -R 'ipv6.dst_sa_mac' -Tfields -eipv6.dst_sa_mac
or this:
tshark -Y 'ipv6.dst_sa_mac' -Tfields -eipv6.dst_sa_mac
And that results in a nice list of MAC addresses in the output.
But adding "-o 'nameres.mac_name:TRUE'" or "-Nm" does not help to cause
manufacturer name resolution to happen on these mac addresses.
It does work for "-e eth.addr_resolved", but obviously this options
concerns other MAC addresses.
Is what I would like to do at all possible, or is that specific use case
something that tshark currently does not support?
Apparently it's not supported. I'm not sure if this limitation is
intended behavior or not. Few addresses other than Ethernet have an
extra "resolved" field attached.
A work-around is to use:
tshark -Y 'ipv6.dst_sa_mac' -Nm -O ipv6 | grep '\[SA MAC'