Simple Tshark script to dump MAC and IP address pairs to file

For the S4x19 competition, I needed a simple script to go through several hundred GB of pcaps and dump out a list of IP and MAC address pairings to prepare elements for the challenge. Here is a simple Bash script that does this with tshark (install it with sudo apt-get install tshark):

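#!/bin/bash
set -x
# Skip the loop entirely when no .pcap files are present
shopt -s nullglob
OUTPUT_DIR=data
# Start from an empty output directory on every run
rm -rf "$OUTPUT_DIR"
mkdir "$OUTPUT_DIR"
for FILENAME in *.pcap; do
        # One tab-separated line per unique (eth.src, ip.src, eth.dst, ip.dst) tuple
        tshark -r "$FILENAME" -T fields -e eth.src -e ip.src -e eth.dst -e ip.dst | sort | uniq > "$OUTPUT_DIR/$FILENAME.output.txt"
done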
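
The per-file output above still holds four columns per line, with empty IP columns for non-IP frames. The following added example (not part of the original post) reduces such lines to unique MAC/IP pairs and lists IP addresses seen with more than one MAC; the function names and the sample rows are assumptions constructed for illustration.

```bash
#!/bin/bash
# Added example (not from the original post): reduce the four-column
# tshark output to unique MAC/IP pairs and list IPs seen with several MACs.

# Reads tab-separated lines (eth.src, ip.src, eth.dst, ip.dst) from the
# named files or stdin and prints unique "MAC<TAB>IP" pairs.
mac_ip_pairs() {
    awk -F'\t' '
        # tshark joins repeated fields with "," (e.g. ICMP errors embed a
        # second IP header); keep only the first, outer-header value.
        { sub(/,.*/, "", $2); sub(/,.*/, "", $4) }
        # Non-IP frames such as ARP leave the ip.* columns empty: skip them.
        $1 != "" && $2 != "" { print $1 "\t" $2 }
        $3 != "" && $4 != "" { print $3 "\t" $4 }
    ' "$@" | sort -u
}

# Reads "MAC<TAB>IP" pairs on stdin and prints "IP<TAB>MAC,MAC,..." for
# every IP address that appears with more than one MAC address.
ips_with_multiple_macs() {
    awk -F'\t' '
        { n[$2]++; macs[$2] = macs[$2] (macs[$2] == "" ? "" : ",") $1 }
        END { for (ip in n) if (n[ip] > 1) print ip "\t" macs[ip] }
    ' | sort
}

# Constructed sample input (documentation addresses, not real capture data).
sample_lines() {
    printf '%s\t%s\t%s\t%s\n' \
        '00:00:5e:00:53:01' '192.0.2.10' '00:00:5e:00:53:02' '192.0.2.20' \
        '00:00:5e:00:53:02' '192.0.2.20' '00:00:5e:00:53:01' '192.0.2.10' \
        '00:00:5e:00:53:01' '' 'ff:ff:ff:ff:ff:ff' '' \
        '00:00:5e:00:53:03' '192.0.2.10' '00:00:5e:00:53:02' '192.0.2.20' \
        '00:00:5e:00:53:02' '192.0.2.20,192.0.2.10' '00:00:5e:00:53:01' '192.0.2.10,198.51.100.7'
}

# Demo on the constructed sample; on real data pass data/*.output.txt instead.
sample_lines | mac_ip_pairs | ips_with_multiple_macs
```

On real captures, a gateway's MAC address will be paired with every off-subnet IP address it forwards, so a single MAC with many IPs is expected there.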
