As hangsanb alluded to, you can use Wireshark's Statistics - Endpoints, then choose the Ethernet tab for a list of unique MAC addresses, and choose the IPv4 (or IPv6) tab for the list of unique IP addresses.You probably want to disable name resolution to see the actual values instead of the resolved OUI's or domain names. The nice thing about Statistics - Endpoints is that it comes equipped. Macsecciscotrunk.pcap (libpcap) MACsec/802.1AE session, manual keys, 3750X switch-to-switch (Trustsec) forced across a half-duplex 10M hub connection, destination mac addresses can be seen for Cisco VTP, RSTP (RPVST+), CDP, EIGRP etc. Packet Peeper is a free network protocol analyzer (or ‘packet sniffer’) for Mac OS X. Its features include: TCP stream reassembly; Privilege separation; Simultaneous capture sessions; Filters, which may be defined at any time. Packet Peeper uses the same syntax as tcpdump and Wireshark (or any other program that uses the pcap library). I have a pcap and need to identify which interface it was captured on. In file properties, the interface is unknown. I have the MAC addresses and TTLs of each packet, but I don't know who captured the packets. Any help would be greatly appreciated. Packets sorted by TTL. Endpoints MAC addresses.
The WinPcap project has ceased development and WinPcap and WinDump are no longer maintained. We recommend using Npcap instead.
If you do insist upon using WinPcap, be aware that its installer was built with an old version of NSIS and as a result is vulnerable to DLL hijacking.
For the list of changes, refer to the changelog.
Version 4.1.3 Installer for Windows
- Windows NT4/2000
- Windows XP/2003/Vista/2008/Win7/2008R2/Win8 (x86 and x64)
MD5 Checksum: a11a2f0cfe6d0b4c50945989db6360cd
SHA1 Checksum: e2516fcd1573e70334c8f50bee5241cdfdf48a00
This executable file installs WinPcap on your machine.
- Download and run the executable
- Follow the instructions on the screen. The installation applet will automatically detect the operating system and install the correct drivers
- The WinPcap-based applications are now ready to work
- To remove WinPcap from the system, go to the Control Panel, click on 'Add/Remove programs' and then select 'WinPcap'
File TypePacket Capture Data
What is a PCAP file?
Data file created by Wireshark (formerly Ethereal), a free program used for network analysis; contains network packet data created during a live network capture; used for 'packet sniffing' and analyzing data network characteristics; can be analyzed using software that includes the libpcap or WinPcap libraries.
Wireshark is available for Mac, Windows, and Linux platforms. Professors and students often use the software for studying data communications.
NOTE: Wireshark was renamed from Ethereal in May, 2006 due to trademark issues.