Missing MAC addresses in pcap.

Recently all of my clients have been sending pcaps that appear to be missing MAC addresses. I'll have 10 MACs and 100 IPs. At first I thought maybe this was a user error at the time of collection and they were filtering out Layer 2, but it's started happening all of a sudden, among different clients, using different switch vendors.

I am starting to wonder if a new Wireshark update might have changed some default capture settings. Has anyone else experienced this?

chronicinquiry
asked 2023-06-02 13:42:17 +0000

Comments

What do you mean by "missing MACs"? How have you determined the MAC address is missing?

grahamb (2023-06-02 13:44:39 +0000)

1 Answer

When I go to Statistics > Endpoint, there aren't MAC addresses for every IP. I think I figured it out. They are collecting the traffic that has passed through a router, so the MACs have been dropped.

chronicinquiry
answered 2023-06-02 15:23:32 +0000
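
A way to check a capture for the pattern described in the answer, added here as an example that is not part of the original thread: a capture taken on the far side of a router records the router's MAC as the Ethernet source for every remote IP, so one MAC fronts many IPs. It assumes a classic (non-pcapng) pcap with untagged Ethernet II and IPv4; the function names, the threshold and the sample frames are constructed for this example.

```python
import struct
from collections import defaultdict

def ips_per_mac(pcap):
    """Map each source MAC to the set of source IPv4 addresses seen with it."""
    if pcap[:4] == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif pcap[:4] == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic microsecond-resolution pcap file")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("link type is not Ethernet, so frames carry no MACs")
    seen, off = defaultdict(set), 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(endian + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        # Only untagged Ethernet II carrying IPv4 (EtherType 0x0800) is handled.
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue
        seen[frame[6:12].hex(":")].add(".".join(map(str, frame[26:30])))
    return seen

def likely_routers(pcap, threshold=3):
    """MACs that front at least `threshold` distinct IPs (hypothetical cutoff)."""
    return sorted(m for m, ips in ips_per_mac(pcap).items() if len(ips) >= threshold)

def _frame(src_mac, src_ip):
    # Constructed frame: Ethernet header plus a bare 20-byte IPv4 header.
    eth = bytes.fromhex("020000000001") + bytes.fromhex(src_mac) + b"\x08\x00"
    ip = bytes([0x45, 0, 0, 20]) + bytes(8) + bytes(src_ip) + bytes([192, 0, 2, 1])
    return eth + ip

def build_sample():
    # Constructed capture: four routed IPs behind one MAC, one on-link host.
    frames = [_frame("02aabbccdd01", (10, 0, n, 5)) for n in range(1, 5)]
    frames.append(_frame("02aabbccdd02", (192, 0, 2, 7)))
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    for mac, ips in ips_per_mac(build_sample()).items():
        print(mac, len(ips), sorted(ips))
```

To run it on a real file, pass `open(path, "rb").read()` to `likely_routers`; a MAC returned there is a next hop standing in for remote hosts rather than a host whose own MAC was captured.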