Wireshark-users: [Wireshark-users] Wireshark nooob using tshark from CLI.....
I'm writing a test script to do some value checking and although I've
read the docs and the wiki I can't quite see how to do the following.
When tshark captures data from a wireless network it normally converts
the mac address of the target router to MA:NU:FA:xx:xx:xx unless you
use the -n switch in the setting line. I want to capture both the
manufacturer value and the complete mac address in one line, anyone
know how this can be achieved? (I've searched through the values from
a capture and can't see a -e variable that specifically chooses the
un-MANUFA mac address.
What I'm trying to capture is a list of local WLANS:-
"mac address" "Signal Strength" "SSID"
"MA:NU:FA:xx:xx:xx" (which I'll then sed to just the MANUFA value)"
"Hidden or Visible"
Thus far my line is......
tshark -i mon0 -a duration:60 -Tfields -e wlan.sa -e
radiotap.dbm_antsignal -e wlan_mgt.ssid
Can anyone offer suggestions that will allow me too capture all five
variables in a single tshark line?
Thanks
