如何从捕获的包中获取所有mac地址?
如何从捕获的包中获取所有mac地址?
提问于 2016-06-09 10:12:27
tcpdump -i任意-w all.cap
现在,如何从捕获的包中获取所有的mac地址?
相同的mac地址和一个地址。
回答 1
Ask Ubuntu用户
回答已采纳
发布于 2016-06-09 11:51:53
首次安装tshark
sudo apt-get install tshark现在我们有了读取.cap文件连接的工具。
有命令
tshark -r all.cap -i eth0 -nn -e eth.src -Tfields你会得到像这样的输出
00:17:31:91:0c:8c
00:17:31:91:0c:8c
00:17:31:91:0c:8c
00:e0:1e:b4:12:42
00:17:31:91:0c:8c
00:17:31:91:0c:8c
54:a0:50:64:cc:39
00:e0:1e:b4:12:42
54:a0:50:64:cc:39
00:e0:1e:b4:12:42
54:a0:50:64:cc:39
00:e0:1e:b4:12:42
54:a0:50:64:cc:39
00:17:31:91:0c:8c
00:17:31:91:0c:8c
54:a0:50:64:cc:39或者你可以修改命令
tshark -r aalmac.pcap -i eth0 -nn -e ip.src -e eth.src -Tfield得到输出
xxx.xxx.xxx.205 00:17:31:91:0c:8c
xxx.xxx.xxx.205 00:17:31:91:0c:8c
xxx.xxx.xxx.205 00:17:31:91:0c:8c
00:e0:1e:b4:12:42
xxx.xxx.xxx.205 00:17:31:91:0c:8c
xxx.xxx.xxx.205 00:17:31:91:0c:8c
xxx.xxx.xxx.5 54:a0:50:64:cc:39
xxx.xxx.xxx.40 00:e0:1e:b4:12:42
xxx.xxx.xxx.5 54:a0:50:64:cc:39
xxx.xxx.xxx.247 00:e0:1e:b4:12:42
xxx.xxx.xxx.5 54:a0:50:64:cc:39
xxx.xxx.xxx.189 00:e0:1e:b4:12:42
xxx.xxx.xxx.5 54:a0:50:64:cc:39
xxx.xxx.xxx.205 00:17:31:91:0c:8c
xxx.xxx.xxx.205 00:17:31:91:0c:8c
xxx.xxx.xxx.5 54:a0:50:64:cc:39
xxx.xxx.xxx.143 00:e0:1e:b4:12:42
xxx.xxx.xxx.5 54:a0:50:64:cc:39
xxx.xxx.xxx.143 00:e0:1e:b4:12:42
xxx.xxx.xxx.5 54:a0:50:64:cc:39
xxx.xxx.xxx.155 00:e0:1e:b4:12:42
xxx.xxx.xxx.5 54:a0:50:64:cc:39
00:e0:1e:b4:12:42
xxx.xxx.xxx.154 00:e0:1e:b4:12:42
xxx.xxx.xxx.205 00:17:31:91:0c:8c
xxx.xxx.xxx.5 54:a0:50:64:cc:39您可以看到,在某些ip上,我有两个或更多的mac地址。这意味着ip来自路由器上的同一个端口。
接下来,您可以修改命令如下所示
tshark -r all.cap -i eth0 -nn -e eth.src -Tfields | sort | uniq您将得到排序和唯一的mac <-> ip对。
xxx.xxx.xxx.154 00:e0:1e:b4:12:42
xxx.xxx.xxx.69 00:e0:1e:b4:12:42
xxx.xxx.xxx.69 00:e0:1e:b4:12:42
xxx.xxx.xxx.143 00:e0:1e:b4:12:42
xxx.xxx.xxx.155 00:e0:1e:b4:12:42
xxx.xxx.xxx.23 00:e0:1e:b4:12:42
xxx.xxx.xxx.13 00:e0:1e:b4:12:42
xxx.xxx.xxx.247 00:e0:1e:b4:12:42
xxx.xxx.xxx.77 00:e0:1e:b4:12:42
xxx.xxx.xxx.138 00:e0:1e:b4:12:42
xxx.xxx.xxx.18 00:1e:8c:a8:3a:9b
xxx.xxx.xxx.205 00:17:31:91:0c:8c..。
页面原文内容由Ask Ubuntu提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://askubuntu.com/questions/784827
复制相关文章
相似问题
腾讯云开发者
