Wireshark mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Getting a unique list of BSSIDs

From: Anthony Critelli <critellia () gmail com>
Date: Fri, 22 Jul 2016 18:39:52 -0400
Chris,

Thanks so much, this worked like a charm!

Final command that I used to sort by BSSIDs and order them by number of
frames seen (from high to low):

tshark -n -Y wlan.bssid -T fields -e wlan.bssid -r
/wlan/packets_to_sort.pcapng | sort | uniq | sort -rn | less


Sincerely,

Anthony Critelli
B.S. Applied Networking and Systems Administration, 2014
www.acritelli.com
(845) 283-4117

On Fri, Jul 22, 2016 at 4:30 PM, Christopher Maynard <
Christopher.Maynard () igt com> wrote:


Anthony Critelli <critellia@...> writes:


Anyone have a good way, using either Wireshark or tshark, to get a
 unique list of BSSIDs from a capture? I've been trying to do "tshark -r
 capture.pcapng -T fields -e wlan.bssid | uniq" But this isn't working.
Maybe I'm missing something, but when tshark outputs the BSSIDs, each
one is different, even when they visibly appear to be the same. Confirmed

this

with od, and the octal dump of 2 seemingly identical lines (human

readable) are

different. It also seems to randomly throw empty lines in there. This is

preventing uniq from doing its job.

Am I misunderstanding the usage of tshark? My understanding of the syntax

above would be that it should just output a list of all the BSSIDs in the
capture, and then I'm just piping it to uniq to filter out duplicates.

Maybe try something like this?

tshark -n -Y wlan.bssid -T fields -e wlan.bssid -r capture.pcapng | sort -u

- Chris



___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org
?subject=unsubscribe


___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Previous By Date Next
Previous By Thread Next

Current thread: