Showing posts from August, 2018

Aliasing MAC Addresses with Wireshark

I love Wireshark, but one thing is for sure: tracking 802.11 conversations with my human brain is difficult. Coloring rules help, but I find it very difficult to remember which MAC address is which wireless station.

Fortunately, Wireshark has the ability to alias IP and MAC addresses! These are defined in the "ethers" file. You should be able to do nearly the same thing on Windows, but here's how to do it on macOS.

1. Open a terminal, and run:
nano ~/.config/wireshark/ethers

2. Define the MAC address and the desired alias in the file. Separate the MAC and alias with any number of spaces. Aliases themselves can't contain spaces.

ab:cd:ef:12:34:56 (AP)Aruba205H
12:34:56:ab:cd:ef (Client)Nokia6.1
ab:12:ef:cd:34:56 (Client)MacBookPro

Tip: I like to lead with either (AP) or (Client) so I can immediately tell which side is talking.

3. Save the file by pressing Ctrl+X, then Y for yes, then Enter.
4. Restart Wireshark, and now friendly, readable aliases will…
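A pre-flight check for the ethers file edited in steps 1 and 2, as an added example that is not part of the original post: it flags malformed MACs, aliases containing whitespace, and MACs aliased twice. `lint_ethers` and `sample_ethers` are hypothetical names, the entries beyond the post's three are constructed, and treating `#` as a comment marker is an assumption.

```shell
#!/bin/sh
# Added example: lint a Wireshark "ethers" file before restarting Wireshark.
# Usage: lint_ethers ~/.config/wireshark/ethers
# Prints one finding per problem line; returns 0 if clean, 1 otherwise.
lint_ethers() {
    awk '
    { sub(/#.*/, "") }          # assumption: "#" starts a comment
    NF == 0 { next }            # blank or comment-only line
    {
        mac = tolower($1)
        # Six colon-separated hex octets, the notation used in the post.
        if (length(mac) != 17 || mac !~ /^[0-9a-f][0-9a-f](:[0-9a-f][0-9a-f])+$/) {
            printf "line %d: bad MAC address \"%s\"\n", NR, $1; bad = 1; next
        }
        if (NF < 2) {
            printf "line %d: %s has no alias\n", NR, mac; bad = 1; next
        }
        if (NF > 2) {
            # The alias must be a single word, as step 2 says.
            printf "line %d: alias for %s contains whitespace\n", NR, mac; bad = 1
        }
        if (mac in seen) {
            printf "line %d: %s already aliased on line %d\n", NR, mac, seen[mac]; bad = 1
        } else {
            seen[mac] = NR
        }
    }
    END { exit bad + 0 }
    ' "$1"
}

# Constructed sample: the three entries from the post plus three broken ones.
sample_ethers() {
    cat <<'EOF'
# lab aliases
ab:cd:ef:12:34:56 (AP)Aruba205H
12:34:56:ab:cd:ef   (Client)Nokia6.1
ab:12:ef:cd:34:56 (Client)MacBookPro
ab:cd:ef:12:34 (AP)TruncatedMac
de:ad:be:ef:00:01 (Client) Pixel 7
AB:CD:EF:12:34:56 (AP)Duplicate
EOF
}
```

Running `sample_ethers > /tmp/ethers.test; lint_ethers /tmp/ethers.test` reports lines 5, 6 and 7 of the sample and leaves the three entries from the post alone.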