Wireshark-users: Re: [Wireshark-users] Getting a unique list of BSSIDs

From: Christopher Maynard <Christopher.Maynard@xxxxxxx>
Date: Fri, 22 Jul 2016 20:30:33 +0000 (UTC)
Anthony Critelli <critellia@...> writes:

> Anyone have a good way, using either Wireshark or tshark, to get a
>  unique list of BSSIDs from a capture? I've been trying to do "tshark -r
>  capture.pcapng -T fields -e wlan.bssid | uniq" But this isn't working. 
> Maybe I'm missing something, but when tshark outputs the BSSIDs, each 
> one is different, even when they visibly appear to be the same. Confirmed
this 
> with od, and the octal dump of 2 seemingly identical lines (human
readable) are 
> different. It also seems to randomly throw empty lines in there. This is
preventing uniq from doing its job.
> Am I misunderstanding the usage of tshark? My understanding of the syntax
above would be that it should just output a list of all the BSSIDs in the
capture, and then I'm just piping it to uniq to filter out duplicates.

Maybe try something like this?

tshark -n -Y wlan.bssid -T fields -e wlan.bssid -r capture.pcapng | sort -u

- Chris