MAC Address Lookup
You're working in the command line and need to look up the vendor/manufacturer of a MAC address. Here's one way to do this. Make a request to the site macvendorlookup.com using the --data parameter to see dump the content to stdout, like so:
curl --data --url www.macvendorlookup.com/api/v2/00:22:90:9d:d6:b9
[{"startHex":"002290000000","endHex":"002290FFFFFF","startDec":"148444807168","endDec":"148461584383","company":"CISCO SYSTEMS, INC.","addressL1":"170 W. TASMAN DRIVE","addressL2":"M\/S SJA-2","addressL3":"SAN JOSE CA 95134-1706","country":"UNITED STATES","type":"MA-L"}]
What if you need to find the MAC addresses of a host in the first place? tshark will do that..
tshark -n -r packets1.pcap -T fields -e ip.src -e eth.src -Y 'ip.addr == 10.10.1.1'
To see the IP's and MAC addresses of the hosts your IP communicated with, just add those fields:
tshark -n -r packets1.pcap -T fields -e ip.src -e eth.src -e ip.dst -e eth.dst -Y 'ip.addr == 10.10.1.1'
curl --data --url www.macvendorlookup.com/api/v2/00:22:90:9d:d6:b9
[{"startHex":"002290000000","endHex":"002290FFFFFF","startDec":"148444807168","endDec":"148461584383","company":"CISCO SYSTEMS, INC.","addressL1":"170 W. TASMAN DRIVE","addressL2":"M\/S SJA-2","addressL3":"SAN JOSE CA 95134-1706","country":"UNITED STATES","type":"MA-L"}]
What if you need to find the MAC addresses of a host in the first place? tshark will do that..
tshark -n -r packets1.pcap -T fields -e ip.src -e eth.src -Y 'ip.addr == 10.10.1.1'
To see the IP's and MAC addresses of the hosts your IP communicated with, just add those fields:
tshark -n -r packets1.pcap -T fields -e ip.src -e eth.src -e ip.dst -e eth.dst -Y 'ip.addr == 10.10.1.1'