WEBVTT

00:00.420 --> 00:09.450
In the last two lectures, we covered how to filter traffic by IP address and port numbers, right?

00:09.480 --> 00:18.000
Now in this lecture, we are going to learn how you can filter traffic by MAC address or addresses.

00:18.000 --> 00:20.370
It is equally important, right?

00:20.370 --> 00:26.340
So in the filter bar, type eth; it means Ethernet address.

00:26.340 --> 00:33.900
MAC address is also known as physical address, hardware address or Ethernet address.

00:33.900 --> 00:39.030
So eth here is short for the Ethernet address.

00:39.030 --> 00:46.260
So eth.addr equal to, now type the MAC address.

00:46.260 --> 00:49.050
I'm going to type my own MAC address.

00:53.050 --> 00:54.550
If I hit Enter.

00:54.610 --> 01:03.040
As you can see, guys, now, Wireshark is displaying all the packets or frames that this particular

01:03.040 --> 01:06.340
MAC address has sent or received.

01:06.370 --> 01:13.090
And here also, guys, you can use the OR operator to combine multiple MAC addresses.

01:13.720 --> 01:19.930
eth.addr equal to, and here you can specify another MAC address.

01:22.480 --> 01:31.270
Now this time Wireshark is going to display frames or packets that these two specified MAC addresses

01:31.270 --> 01:33.820
have sent or received.

01:33.820 --> 01:42.400
And you can also use the NOT operator here, just like we used with the ip.addr filter. Not.

01:42.700 --> 01:51.130
Now Wireshark has removed all the packets that this particular MAC address has sent or received.

01:51.160 --> 02:02.860
Now let's say you only want to see the packets or frames that a particular MAC address has sent out.

02:02.920 --> 02:07.010
Then replace addr with src.

02:07.090 --> 02:13.690
It is going to display all the frames that this particular MAC address has sent.

02:13.720 --> 02:21.580
Now, before pressing Enter, I'm going to add the source MAC field into the columns.

02:21.610 --> 02:26.290
It will make it easier to analyze the MAC addresses.

02:26.530 --> 02:34.120
So eth.src: right-click on the source field, click on Apply as Column.

02:34.390 --> 02:41.090
As you can see, a new source MAC address field has been added into the columns.

02:41.120 --> 02:41.650
Right.

02:42.670 --> 02:47.710
I'm going to drag and drop the MAC address field at the end.

02:47.980 --> 02:55.420
I'm also going to add the destination field: right-click on destination, click on Apply Column.

02:55.420 --> 03:00.010
As you can see, the destination MAC address field has also been added.

03:00.010 --> 03:02.290
Let me drag it at the end.

03:02.290 --> 03:06.840
Now we have both source and destination.

03:06.850 --> 03:15.430
Now if I apply this filter by hitting Enter, now, guys, you are only going to see this MAC address in the

03:15.430 --> 03:16.330
source field.

03:16.330 --> 03:24.910
As you can see, it is only displaying the packets or frames that this specified MAC address has sent,

03:24.910 --> 03:33.730
and if you replace source with destination now, it is only going to display the packets that this MAC

03:33.730 --> 03:34.990
address has received.

03:34.990 --> 03:41.740
So if I hit Enter now, under the destination column you are only going to see this MAC address, as you

03:41.740 --> 03:42.430
can see.
