I am analyzing a pcap file and extracting data using tshark, but whenever I encounter an ICMP frame, the corresponding data being extracted by tshark is duplicated.
For the following frame in wireshark,
the above output from tshark.
I just need one value each for source and destination ip addresses. I would greatly appreciate it if someone can let me know if there is a different way to extract src and dst ip addresses from pcap. Currently I am using -e ip.src and -e ip.dst to get the ip addresses.
asked 23 Mar '15, 03:21
edited 23 Mar '15, 03:22
You can use
answered 23 Mar '15, 06:26