Cisco Unique Identifier in Wireshark?

Unanswered Question
Apr 10th, 2009

For the users of WireShark, when doing a packet capture is there a unique identifier where I can look the packet and tell if it came from a cisco device?

I was assuming mac address but not all Cisco start with the same mac. I would like to be able to filter out packets that tx from a cisco device.

Thanks

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (1 ratings)
Loading.
greg.washburn Fri, 04/10/2009 - 11:23

Have you tried:

Edit > Preferences > Name Resolution > Check enable MAC name resolution.

This should then show the word "Cisco" in the mac address of all Cisco devices.

Alternatively, I would think you would need to build an expression like:

!(eth.src == 00:1b:8f:37:1a:88) and !(eth.src == 00:1b:8f:37:1a:87)

There is instructions in the help file for using partial macs and / or IPs instead of full IPs and / or macs.

Actions

This Discussion