This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Merge files + identifying Ip ID’s

0

Hello,

I have client and server side captures, and I have merged them to find the matching Identification ID's. I used that as column and tested. There are about 100k of packets where am I have hard time to find the packets matching. I used Statistics > Compare.. but did not get good information.

Needed your inputs to achieve this.

Regards Prabh

asked 21 Feb '14, 09:40

prabh's gravatar image

prabh
11112
accept rate: 0%

Why are you trying to find the matching IP IDs? What is it that you are ultimately trying to accomplish?

(21 Feb '14, 13:07) Jim Aragon

One Answer:

0

You can print the IP IDs with tshark and then use a script (perl, python, whatever) or a spreadsheet software to find duplicate values.

tshark -nr input.pcap -T fields -e frame.number -e ip.id -E header=yes -E separator=; > ip_id.txt

Sample output:

frame.number;ip.id
1;0xf038
2;0x95c0
3;0xf039
4;0x95c0

Regards
Kurt

answered 24 Feb '14, 10:47

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
24.8k1039237
accept rate: 15%

edited 24 Feb '14, 10:48