We all want to work as efficiently as possible. After spending too much time staring at Wireshark pcap files and straining my eyes over frame exchanges, I got tired of looking for that MAC address I can never remember.
In Wireshark, this is called Ethernet Name Resolution.
Wireshark allows you to create custom name resolution. Instead of looking for a MAC address such as 7e:18:3c:1d:bb:51, I can have it stick out and say ROWELL_IPHONEXR.
I’m on MacOS. The easy way is to open terminal and navigate to where the Wireshark personalization files are which is:
~/.config/wireshark
You may or may not have a file named ethers. If not, create one and we can add our MAC layer name resolution:
vi ethers
Next, you can add each MAC address and the name you want it to resolve to such as:
7e:18:3c:1d:bb:51 ROWELL_IPHONEXR
5c:5b:35:54:7c:35 AP_MIST_HOME
Enter each resolution on its own line starting with the MAC address. Enter a single space and type in the name you desire. The name cannot contain a space character.
Save the file:
:wq
Next, restart Wireshark and check out the difference.
Leave a Reply