You could brute force it with grep and finesse the output as needed:
The-Ultimate-PCAP$ tshark -r ./*202002* -2 -R ipv6.dst_sa_mac -Nm -V | grep
"Destination SA MAC" | sort | uniq
[Destination SA MAC: AmazonTe_05:cd:40 (38:f7:3d:05:cd:40)]
[Destination SA MAC: Sonos_a4:21:8c (78:28:ca:a4:21:8c)]
[Destination SA MAC: Tp-LinkT_4d:6b:8d (f8:1a:67:4d:6b:8d)]
[Destination SA MAC: Tp-LinkT_4d:76:63 (f8:1a:67:4d:76:63)]
[Destination SA MAC: AVMAudio_7e:33:a2 (c8:0e:14:7e:33:a2)]
[Destination SA MAC: AVM_cc:c2:a9 (bc:05:43:cc:c2:a9)]
[Destination SA MAC: Cisco_60:17:c1 (00:25:45:60:17:c1)]
On Fri, Jul 30, 2021 at 7:57 PM Marco Davids (SIDN) via Wireshark-dev <
wireshark-dev@wireshark.org> wrote:
> Op 30-07-21 om 21:10 schreef João Valverde via Wireshark-dev:
>
> >> Also, I have not find any aggregate statistics just yet. But
> >> nevertheless still happy with this nice feature.
> >>
> >
> > The statistics for SLAAC/OUI don't exist. What I was trying to say is
> > that, if we were to add something like that, I think they should go
> > somewhere under the IPv6 Statistics menu, not Endpoints.
>
> Ah okay. Got you. Thanks.
>
> One final question; I can't seem to do name resolution with thsark on
> the mac addresses I derive from IPv6 SLAAC addresses.
>
> So I can do this:
>
> tshark -r ~/ipv6.pcap -2 -R 'ipv6.dst_sa_mac' -Tfields -eipv6.dst_sa_mac
>
> or this:
>
> tshark -Y 'ipv6.dst_sa_mac' -Tfields -eipv6.dst_sa_mac
>
> And that results in a nice list of MAC addresses in the output.
>
> But adding "-o 'nameres.mac_name:TRUE'" or "-Nm" does not help to cause
> manufacturer name resolution to happen on these mac addresses.
>
> It does work for "-e eth.addr_resolved", but obviously this options
> concerns other MAC addresses.
>
> Is what I would like to do at all possible, or is that specific use case
> something that tshark currently does not support?
>
> Thanks.
>
> --
> Marco
>
> ___________________________________________________________________________
> Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org>
> Archives: https://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
> mailto:wireshark-dev-requ...@wireshark.org
> ?subject=unsubscribe
>
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org>
Archives: https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
