Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
569
Views
4
Helpful
1
Replies

Cisco Unique Identifier in Wireshark?

robert.harp
Level 1
Level 1

‎04-10-2009 10:52 AM - edited ‎03-06-2019 05:07 AM

For the users of WireShark, when doing a packet capture is there a unique identifier where I can look the packet and tell if it came from a cisco device?

I was assuming mac address but not all Cisco start with the same mac. I would like to be able to filter out packets that tx from a cisco device.

Thanks

Labels:
0 Helpful
1 Reply 1

greg.washburn
Level 1
Level 1

‎04-10-2009 11:23 AM

Have you tried:

Edit > Preferences > Name Resolution > Check enable MAC name resolution.

This should then show the word "Cisco" in the mac address of all Cisco devices.

Alternatively, I would think you would need to build an expression like:

!(eth.src == 00:1b:8f:37:1a:88) and !(eth.src == 00:1b:8f:37:1a:87)

There is instructions in the help file for using partial macs and / or IPs instead of full IPs and / or macs.

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card