Wednesday, February 01, 2012

Determining unique MAC and IP addresses in a PCAP

List unique IP addresses:
tshark -r filename.cap -T fields -e ip.dst -e ip.src | tr '\t' '\n' | sort | uniq

List unique Ethernet addresses:
tshark -r filename.cap -T fields -e eth.dst -e eth.src | tr '\t' '\n' | sort | uniq

Note that e.g. ip.addr, which seems natural, actually lists out IP conversation endpoints.
(with many thanks, and a shout-out to Sake Blok)
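An added example, not part of the original post: shell helpers that turn `tshark -T fields` output into a clean endpoint inventory, handling the two cases a plain sort/uniq misses (packets with no IP layer, and packets where a field occurs more than once). The function names are hypothetical and the sample input is constructed; it assumes tshark's default field separator (tab) and default multi-occurrence aggregator (comma).

```shell
#!/bin/sh
# Added example: post-process `tshark -T fields -e <dst> -e <src>` output.

# One address per line. Tabs separate the -e columns; commas separate repeated
# occurrences of a field within one packet (e.g. the inner IP header quoted by
# an ICMP error). Packets lacking the field leave empty columns, dropped here.
split_fields() {
    tr '\t,' '\n\n' | sed '/^$/d'
}

# Sorted list of distinct addresses.
unique_addrs() {
    split_fields | LC_ALL=C sort -u
}

# Number of distinct addresses.
count_unique() {
    unique_addrs | wc -l | tr -d ' '
}

# "address appearances" pairs, most frequently seen address first.
top_talkers() {
    split_fields | LC_ALL=C sort | uniq -c | sort -rn | awk '{print $2, $1}'
}

# Constructed sample of what tshark would emit for five frames (dst<TAB>src).
sample_fields() {
    printf '10.0.0.2\t10.0.0.1\n'
    printf '10.0.0.1\t10.0.0.2\n'
    printf '\t\n'                                      # ARP frame, no IP layer
    printf '10.0.0.1,10.0.0.9\t10.0.0.254,10.0.0.1\n'  # ICMP error, inner header
    printf '10.0.0.9\t10.0.0.1\n'
}

# Real use: pass a capture file as the first argument.
if [ -n "${1:-}" ]; then
    tshark -r "$1" -T fields -e ip.dst -e ip.src | unique_addrs
fi
```

The same helpers work for MAC addresses by swapping in `-e eth.dst -e eth.src`.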
==========================================================================
As hangsanb alluded to, you can use Wireshark's Statistics -> Endpoints, then choose the Ethernet tab for a list of unique MAC addresses, and choose the IPv4 (or IPv6) tab for the list of unique IP addresses. You probably want to disable name resolution to see the actual values instead of the resolved OUIs or domain names. The nice thing about Statistics -> Endpoints is that it comes equipped with a "Copy" button so you can easily copy all the relevant information about those endpoints to a text/csv file for further analysis/reporting.
