In this example: tcpdump is the name of macOS’s built-in packet trace tool. The sudo command causes tcpdump to run with privileges, which is necessary in order to record packets. The -i en0 option tells tcpdump to record packets on the default Ethernet-like interface. Replace en0 with the short interface name you determined in Choose the Correct Interface.
Macsecciscotrunk.pcap (libpcap) MACsec/802.1AE session, manual keys, 3750X switch-to-switch (Trustsec) forced across a half-duplex 10M hub connection; destination MAC addresses can be seen for Cisco VTP, RSTP (RPVST+), CDP, EIGRP etc.
As hangsanb alluded to, you can use Wireshark's Statistics - Endpoints, then choose the Ethernet tab for a list of unique MAC addresses, and choose the IPv4 (or IPv6) tab for the list of unique IP addresses. You probably want to disable name resolution to see the actual values instead of the resolved OUIs or domain names. The nice thing about Statistics - Endpoints is that it comes equipped.
tshark -r data.pcap -T fields -e frame.time_epoch -e frame.len but to have it ignore any packets from/to one or more devices that have a specific MAC address. I've tried variants of not eth.addr, mac.
15 September 2018
WinPcap, though still available for download (v4.1.3), has not seen an upgrade in many years and there are no road map/future plans to update the technology. While community support may persist, technical oversight by Riverbed staff, responses to questions posed by Riverbed resources, and bug reporting are no longer available.
Gordon Lyon, Nmap project founder, has created Npcap, a packet capture library for Windows, that includes WinPcap compatibility and may be a suitable replacement for WinPcap and WinPcap Pro. Information can be found at https://nmap.org/npcap/.
